My apologies for the delayed reaction, I was trying to take some time to write a well crafted response and then got taken off-guard by the rate of messages over the past days.
To me, the conclusion on the original question seems to be that neither direction is considered a good idea. I don't currently see a good other approach that involves gpsd directly, so I think that for me finishes the discussion here for now. There is one thing around ntpd-rs that I would like to clarify. We chose the design direction where ntpd-rs runs as an unpriviliged user, with some limited set of additional os permissions (capabilities under linux, but freebsd has something somewhat similar). We chose to delegate the task of setting those limited permissions up to the system's init system. This approach has worked well for us so far, and we are not aware of it giving rise to vulnerabilities. In any case, thank you for the input. Kind regards, David Venhoek
