From: "fche at redhat dot com"
To: elfutils-devel@sourceware.org
Subject: [Bug debuginfod/27532] debuginfod should ask the user for permission before downloading files
Date: Sat, 06 Mar 2021 18:05:09 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27532

Frank Ch. Eigler changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #3 from Frank Ch. Eigler ---
> the user will likely not be aware that DEBUGINFOD_URLS is set unless
> she herself was the one who installed the system.

The way I'd address this is to advise the sysadmin to set this by default systemwide only if the user base is going to be copacetic with this, or if they are informed somehow (release notes?) so they can easily opt out.
If pure documentation is not enough, maybe have some path from logon through to the calling application print out the env var that first time.

Note that hypothetical unintentional information leakage is very small: buildids, and perhaps the curl User-Agent: field. That's it. (It won't get to querying source files unless the debuginfo is found first.)

Closing as WONTFIX on account of the impropriety of a low level library engaging in interactive dialogue.
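The first-logon notice suggested in the comment above, sketched as an added example (it is not part of the original message or of elfutils). The function name and the stamp-file path are assumptions; it is meant to be sourced from a login profile script and called once per session.

```shell
# Added example: announce DEBUGINFOD_URLS once per user so the setting is
# visible and easy to opt out of. Names and paths here are hypothetical.
# The body runs in a subshell, so no variables leak into the login shell.
debuginfod_first_notice() (
    # Nothing to announce when no debuginfod servers are configured.
    [ -n "${DEBUGINFOD_URLS:-}" ] || return 0

    stamp_dir="${XDG_STATE_HOME:-$HOME/.local/state}"
    stamp="$stamp_dir/debuginfod-notice-shown"   # hypothetical stamp file

    # Stay quiet if this exact URL list was already announced; announce
    # again if an administrator has since changed the list.
    if [ -f "$stamp" ] && [ "$(cat "$stamp")" = "$DEBUGINFOD_URLS" ]; then
        return 0
    fi

    # stderr keeps the notice out of piped or captured stdout.
    printf '%s\n' \
        "Note: DEBUGINFOD_URLS is set for this session:" \
        "  $DEBUGINFOD_URLS" \
        "Debugging tools may send build-ids (and a curl User-Agent) to these servers." \
        "To opt out: unset DEBUGINFOD_URLS" >&2

    # Record what was shown; a read-only home must not break the login.
    { mkdir -p "$stamp_dir" && printf '%s\n' "$DEBUGINFOD_URLS" > "$stamp"; } \
        2>/dev/null || :
    return 0
)
```

Calling it only from interactive shells avoids surprising non-interactive sessions that capture stderr.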