The change page lacks a discussion of security implications. An informed
decision requires answers to questions such as:
· What kinds of attacks might be possible with malicious debuginfo files?
(For example, debugging tools might have undiscovered bugs that could be
exploited by malformed DWARF data.)
· How is it verified that files received from debuginfo servers have not
been tampered with?
· Is there any end-to-end authentication from the Fedora build system to
my workstation – which there is with signed debuginfo packages – or do
the tools blindly trust a whole network of federated debuginfo servers?
Some Debian users have
[https://lists.debian.org/debian-devel/2021/02/msg00262.html expressed concerns]
that this facility "calls home" during debugging, so it may
expose a limited amount of information about what a user is debugging.
To fully understand the privacy implications, one needs to know:
· Does that happen every time, or are downloaded files cached locally?
· If there is a cache, when are old files purged from the cache?
The change page should also mention how a network problem can impact the
usability of debugging tools. Could it for example make GDB hang for a
minute every time it encounters a new source filename?
Finally, if somebody doesn't like the answers to the above questions,
then they'll want to know how to disable the feature.
Björn Persson