CFLAGS=-g ./configure assumes --without-debug then ignores -g. i think that without explicit --without-debug it shouldn't be ignored at all, and even with --without-debug it should allow compiling with -g anyways (interpreting --without-debug as "don't add debug flags", not "remove all debugging functionality") or at least issue an error and fail loudly.

i suspect this was initially done due to autoconf CFLAGS="-g -O2" default, but it's a very unintuitive behavior, and from a distro level means we need to do special work to support curl debugging. --with-debug seems not right for us either, since we may want to specify our own setting. in fact, as i read it, it is currently totally impossible to set anything other than -g (with gcc/clang), since -g* is stripped and replaced with either -g or nothing.