The change page lacks a discussion of security implications. An informed decision requires answers to questions such as:
· What kinds of attacks might be possible with malicious debuginfo files? (For example, debugging tools might have undiscovered bugs that could be exploited by malformed DWARF data.)
· How is it verified that files received from debuginfo servers have not been tampered with?
· Is there any end-to-end authentication from the Fedora build system to my workstation – which there is with signed debuginfo packages – or do the tools blindly trust a whole network of federated debuginfo servers?
Some Debian users have [https://lists.debian.org/debian-devel/2021/02/msg00262.html expressed concerns] that this facility "calls home" during debugging, so it may expose a limited amount of information about what a user is debugging.
To fully understand the privacy implications, one needs to know:
· Does that happen every time, or are downloaded files cached locally?
· If there is a cache, when are old files purged from the cache?
The change page should also mention how a network problem can impact the usability of debugging tools. Could it, for example, make GDB hang for a minute every time it encounters a new source filename?
Finally, if somebody doesn't like the answers to the above questions, then they'll want to know how to disable the feature.
Björn Persson