User-Agent string, my patch and privacy concerns.

Giorgos Keramidas keramida at ceid.upatras.gr
Wed Apr 2 10:35:15 CDT 2008 

On Wed, 02 Apr 2008 07:51:22 -0700, "Eric M. Hopper" <hopper at omnifarious.org> wrote:
> I have a patch that causes the User-Agent string sent by the Mercurial
> client in HTTP requests to change from this:
>
> mercurial/proto-1.0
>
> to this:
>
> mercurial/proto-1.0 (Python/2.5.1(0x20501f0); Mercurial/1.0.0.6390; posix/linux2)
>
> I think this is really useful extra information to have in a number of
> different contexts, and I think I'm also going to be writing a patch
> will cause servers to report something similar in their 'Server' header.
>
> But, extra information always raises privacy concerns.  I'm curious how
> you all feel about this.
>
> * Do you not want the patch at all?
> * Would you prefer it be turned off by default (which would make it
>   much less useful IMHO)?
> * Do you want it to report less extra information by default?
> * Do you want individual options for turning on or off the Python
>   version, Mercurial version and OS Python thinks it's running under?

A nice model for this sort of thing is the one used by Postfix in the
SMTP daemon options.  Quoting from the sample `main.cf' of the source
distribution:

  # SHOW SOFTWARE VERSION OR NOT
  #
  # The smtpd_banner parameter specifies the text that follows the 220
  # code in the SMTP server's greeting banner. Some people like to see
  # the mail version advertised. By default, Postfix shows no version.
  #
  # You MUST specify $myhostname at the start of the text. That is an
  # RFC requirement. Postfix itself does not care.
  #
  #smtpd_banner = $myhostname ESMTP $mail_name
  #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

Maybe we can have something similar in the [web] section for Mercurial.
I think something like the following would be nice to have:

  # How much information to show in HTTP User-Agent strings.
  #
  # The user_agent_format option specifies the text that is shown in the
  # User-Agent header of connections made by Mercurial clients.  Some times
  # it is useful to know extra information, like the Python build, or the
  # operating system version.  By default, Mercurial shows only its protocol
  # version.
  #
  # You MUST specify {myprotocol} at the start of the text.  It is required
  # by the wire-protocol of Mercurial.  Any other text is optional, and can
  # contain entirely custom text.

  [web]
  user_agent_format = {myprotocol}
  user_agent_format = {myprotocol} ({pythonversion}; {hgversion}; ${osversion})

Then we can use the templater to expand the keywords shown above, or other
things that may be considered useful in a User-Agent header.

IMHO, the default should be to keep the current behavior.  Allowing extra info
would be possible, but not forced `unexpectedly' upon existing users :-)

- Giorgos

More information about the Mercurial mailing list