[Bug debuginfod/27532] debuginfod should ask the user for permission before downloading files

fche at redhat dot com sourceware-bugzilla@sourceware.org
Sat Mar 6 18:05:09 GMT 2021


https://sourceware.org/bugzilla/show_bug.cgi?id=27532

Frank Ch. Eigler <fche at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #3 from Frank Ch. Eigler <fche at redhat dot com> ---
> the user will likely not be aware that DEBUGINFOD_URLS is set unless
> she herself was the one who installed the system.

The way I'd address this is to advise the sysadmin to set this by default
systemwide only if the user base is going to be copacetic with this, or
if they are informed somehow (release notes?) so they can easily opt out.
If pure documentation is not enough, maybe have some path from logon
through to the calling application print out the env var that first time.

Note that hypothetical unintentional information leakage is very small:
buildids, and perhaps the curl User-Agent: field.  That's it.  (It won't
get to querying source files unless the debuginfo is found first.)

Closing as WONTFIX on account of the impropriety of a low level library
engaging in interactive dialogue.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the Elfutils-devel mailing list