This should be handled in three different steps. There are questions remaining to be answered before proceeding with the integration.
debuginfod
Is debuginfod secure?
i.e. Is there authentication between gdb and debuginfod?
⚠️ It is theoretically possible to perform code execution through debug symbols.
Mirrors
Right now the debug packages live in a single server. We should start distributing them through mirrors and potentially have them in our archives as well.
There is a question about storage since debug packages might take a good amount of disk space.
“We shouldn’t let the limitations of mirrors affect our design choices”.