https://sourceware.org/bugzilla/show_bug.cgi?id=27532
--- Comment #2 from Sergio Durigan Junior <sergiodj at sergiodj dot net> --- Thanks for the reply, Frank. Yeah, I thought about the good practices, too. My rationale for filing this bug against debuginfod instead of e.g. GDB is that it is more uniform to have the actual agent who performs the download worry about obtaining permission, instead of having each library user (GDB, perf, etc.) do it. As for the setting of the environment variable being considered consent, one of the points raised in the discussion on debian-devel is that, with the way things are implemented now (using a /etc/profile.d/ snippet), the user will likely not be aware that DEBUGINFOD_URLS is set unless she herself was the one who installed the system. Also, and arguably, DEBUGINFOD_URLS's purpose is just to specify which debuginfod servers should be consulted, not if it is OK to do the actual request. Anyway, I'm not opposed to the idea that it is the actual library user who should obtain explicit user consent here. In a way, you could even consider that libdebuginfod is a wrapper around libcurl, and I totally agree that the library should implement the mechanism and that its clients should implement the policy. -- You are receiving this mail because: You are on the CC list for the bug.
