[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Should the default value of url-user-agent include a version number? Wha
From: |
Clément Pit--Claudel |
Subject: |
Should the default value of url-user-agent include a version number? What about the specific case of package.el? |
Date: |
Thu, 24 Mar 2016 13:22:49 -0400 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 |
Hi emacs-devel,
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=18812 added a url-user-agent
setting to Emacs, but it only partly addressed feature request. The original
suggestion was:
> The url.el functions for making HTTP requests set the User-Agent header
> to "URL/Emacs" which is not very descriptive. It would be helpful to
> include the Emacs version, at least.
I'm bringing this up again, as I do think it would be useful to have a more
informative User-Agent string. The new system is very useful for customization,
but it does not address the original issue. The two main advantages that I see
for a more informative User-Agent string are these:
* Package archives could work around issues with old versions of package.el
(for example, 24.3 is somewhat dependent to the order in which dependencies are
listed).
* Package authors could get per-version and possibly per-platform statistics.
Backwards compatibility is not always easy, so knowing which Emacs versions
your users are on would be very useful, in particular to know when to drop
support for an old version.
These use cases were raised in https://github.com/melpa/melpa/issues/3493, in
particular. Interestingly, they don't necessarily suggest that we should change
url-user-agent; instead, wouldn't it be best for different parts of Emacs to
use different user-agent strings? In particular, should eww and package.el
really use the same User-Agent string? We could instead introduce separate a
package-user-agent variable, and possibly an eww-user-agent variable; this
would be in line with what other programs do: it's uncommon to advertise only
the library used to access the web (in our case, ‘URL’) in a User-Agent string,
instead of the actual User-Agent.
Generally speaking, I would be in favor of always advertising the current Emacs
version, and the OS, instead of only advertising it for package.el: this would
be in conformance with RFC 7231 (see below), and with what many other browsers
do (but fixing this issue by introducing a package-user-agent string would work
as well, and might alleviate some concerns that were expressed in the original
bug thread). Some expressed privacy concerns about this, but other parts of
Emacs already advertise this information fully (Stefan, for example, your
emails are tagged with "Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)"). Has
there been complaints about Gnus doing that?
Are there reasons to prefer a very generic User-Agent string? Do these reasons
also apply to a package.el-specific one?
Cheers,
Clément.
> 5.5.3. User-Agent
>
> The "User-Agent" header field contains information about the user
> agent originating the request, which is often used by servers to help
> identify the scope of reported interoperability problems, to work
> around or tailor responses to avoid particular user agent
> limitations, and for analytics regarding browser or operating system
> use. A user agent SHOULD send a User-Agent field in each request
> unless specifically configured not to do so.
>
> User-Agent = product *( RWS ( product / comment ) )
>
> The User-Agent field-value consists of one or more product
> identifiers, each followed by zero or more comments (Section 3.2 of
> [RFC7230]), which together identify the user agent software and its
> significant subproducts. By convention, the product identifiers are
> listed in decreasing order of their significance for identifying the
> user agent software. Each product identifier consists of a name and
> optional version.
>
> product = token ["/" product-version]
> product-version = token
>
> A sender SHOULD limit generated product identifiers to what is
> necessary to identify the product; a sender MUST NOT generate
> advertising or other nonessential information within the product
> identifier. A sender SHOULD NOT generate information in
> product-version that is not a version identifier (i.e., successive
> versions of the same product name ought to differ only in the
> product-version portion of the product identifier).
>
> Example:
>
> User-Agent: CERN-LineMode/2.15 libwww/2.17b3
>
> A user agent SHOULD NOT generate a User-Agent field containing
> needlessly fine-grained detail and SHOULD limit the addition of
> subproducts by third parties. Overly long and detailed User-Agent
> field values increase request latency and the risk of a user being
> identified against their wishes ("fingerprinting").
>
> Likewise, implementations are encouraged not to use the product
> tokens of other implementations in order to declare compatibility
> with them, as this circumvents the purpose of the field. If a user
> agent masquerades as a different user agent, recipients can assume
> that the user intentionally desires to see responses tailored for
> that identified user agent, even if they might not work as well for
> the actual user agent being used.
>
signature.asc
Description: OpenPGP digital signature
- Should the default value of url-user-agent include a version number? What about the specific case of package.el?,
Clément Pit--Claudel <=
Re: Should the default value of url-user-agent include a version number? What about the specific case of package.el?, Lars Magne Ingebrigtsen, 2016/03/24
Re: Should the default value of url-user-agent include a version number? What about the specific case of package.el?, Clément Pit--Claudel, 2016/03/24