Should the default value of url-user-agent include a version number? Wha

From: Clément Pit--Claudel Subject: Should the default value of url-user-agent include a version number? What about the specific case of package.el? Date: Thu, 24 Mar 2016 13:22:49 -0400 User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0

Hi emacs-devel, https://debbugs.gnu.org/cgi/bugreport.cgi?bug=18812 added a url-user-agent setting to Emacs, but it only partly addressed feature request. The original suggestion was: > The url.el functions for making HTTP requests set the User-Agent header > to "URL/Emacs" which is not very descriptive. It would be helpful to > include the Emacs version, at least. I'm bringing this up again, as I do think it would be useful to have a more informative User-Agent string. The new system is very useful for customization, but it does not address the original issue. The two main advantages that I see for a more informative User-Agent string are these: * Package archives could work around issues with old versions of package.el (for example, 24.3 is somewhat dependent to the order in which dependencies are listed). * Package authors could get per-version and possibly per-platform statistics. Backwards compatibility is not always easy, so knowing which Emacs versions your users are on would be very useful, in particular to know when to drop support for an old version. These use cases were raised in https://github.com/melpa/melpa/issues/3493, in particular. Interestingly, they don't necessarily suggest that we should change url-user-agent; instead, wouldn't it be best for different parts of Emacs to use different user-agent strings? In particular, should eww and package.el really use the same User-Agent string? We could instead introduce separate a package-user-agent variable, and possibly an eww-user-agent variable; this would be in line with what other programs do: it's uncommon to advertise only the library used to access the web (in our case, ‘URL’) in a User-Agent string, instead of the actual User-Agent. Generally speaking, I would be in favor of always advertising the current Emacs version, and the OS, instead of only advertising it for package.el: this would be in conformance with RFC 7231 (see below), and with what many other browsers do (but fixing this issue by introducing a package-user-agent string would work as well, and might alleviate some concerns that were expressed in the original bug thread). Some expressed privacy concerns about this, but other parts of Emacs already advertise this information fully (Stefan, for example, your emails are tagged with "Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)"). Has there been complaints about Gnus doing that? Are there reasons to prefer a very generic User-Agent string? Do these reasons also apply to a package.el-specific one? Cheers, Clément. > 5.5.3. User-Agent > > The "User-Agent" header field contains information about the user > agent originating the request, which is often used by servers to help > identify the scope of reported interoperability problems, to work > around or tailor responses to avoid particular user agent > limitations, and for analytics regarding browser or operating system > use. A user agent SHOULD send a User-Agent field in each request > unless specifically configured not to do so. > > User-Agent = product *( RWS ( product / comment ) ) > > The User-Agent field-value consists of one or more product > identifiers, each followed by zero or more comments (Section 3.2 of > [RFC7230]), which together identify the user agent software and its > significant subproducts. By convention, the product identifiers are > listed in decreasing order of their significance for identifying the > user agent software. Each product identifier consists of a name and > optional version. > > product = token ["/" product-version] > product-version = token > > A sender SHOULD limit generated product identifiers to what is > necessary to identify the product; a sender MUST NOT generate > advertising or other nonessential information within the product > identifier. A sender SHOULD NOT generate information in > product-version that is not a version identifier (i.e., successive > versions of the same product name ought to differ only in the > product-version portion of the product identifier). > > Example: > > User-Agent: CERN-LineMode/2.15 libwww/2.17b3 > > A user agent SHOULD NOT generate a User-Agent field containing > needlessly fine-grained detail and SHOULD limit the addition of > subproducts by third parties. Overly long and detailed User-Agent > field values increase request latency and the risk of a user being > identified against their wishes ("fingerprinting"). > > Likewise, implementations are encouraged not to use the product > tokens of other implementations in order to declare compatibility > with them, as this circumvents the purpose of the field. If a user > agent masquerades as a different user agent, recipients can assume > that the user intentionally desires to see responses tailored for > that identified user agent, even if they might not work as well for > the actual user agent being used. >

signature.asc

Description: OpenPGP digital signature

reply via email to

