On 09/05/13 21:53, Frank Ch. Eigler wrote:
...
That seems overly invasive for exposing data on private people running
private pmloggers for their private purposes. Can't this be opt-in,
or depend on userid? ...
It could be, but that was not in scope 10 years ago when this was
designed and built ... 8^)>
When we get secure and authenticated services working for client-pmcd
connections we probably should visit the pmlc-pmlogger connections as
well, although the number of people using pmlc is (I am pretty sure)
very small.
... Is it even safe for a system daemon to trust &
rebroadcast data from some random unprivileged pmlogger?
The data from the pmlogger that is available from pmcd is minimalist ...
see pminfo -T pmcd.pmlogger ... I doubt that there is much cause for
concern there.
Note that all of these issues need to be repeated for pmie and the
pmcd.pmie.* metrics.
...
It sounds like the debian one-time post-install scripts would be the
place to set permissions that are not-quite-right after untarring,
rather than the system reboot-time rc files.
Agreed, but we're back to QA effort and risk for a 3.8.0 release.
|