From: Jeff King <peff@peff.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org
Subject: Re: git version statistics
Date: Fri, 1 Jun 2012 05:03:38 -0400 [thread overview]
Message-ID: <20120601090337.GC32340@sigill.intra.peff.net> (raw)
In-Reply-To: <7v396g6t53.fsf@alter.siamese.dyndns.org>
On Thu, May 31, 2012 at 12:35:20PM -0700, Junio C Hamano wrote:
> Jeff King <peff@peff.net> writes:
>
> > diff --git a/builtin/fetch-pack.c b/builtin/fetch-pack.c
> > index 149db88..f3b8422 100644
> > --- a/builtin/fetch-pack.c
> > +++ b/builtin/fetch-pack.c
> > @@ -327,6 +327,7 @@ static int find_common(int fd[2], unsigned char *result_sha1,
> > if (args.no_progress) strbuf_addstr(&c, " no-progress");
> > if (args.include_tag) strbuf_addstr(&c, " include-tag");
> > if (prefer_ofs_delta) strbuf_addstr(&c, " ofs-delta");
> > + strbuf_addf(&c, " agent=git/%s", git_version_string);
> > packet_buf_write(&req_buf, "want %s%s\n", remote_hex, c.buf);
> > strbuf_release(&c);
>
> Even though the version string GIT-VERSION-GEN script deduces from
> the repository version is designed to be safe, in general "version"
> file can contain a string with whitespaces. You may want to be
> careful about that in the above.
Yeah, I agree. I should have been more clear that this patch was an RFC
about the idea, not the implementation.
We could also strip off junk like ".dirty" which is unlikely to be
interesting for statistical reporting. On the other hand, it could be
useful for somebody debugging, and it can always be stripped later.
I don't know if anybody cares about the security or privacy implications
of advertising your client version. Maybe it should be configurable?
> Do we want a similar identifier string on the other side of the
> connection?
We could. I don't see much point, unless you were going to conduct a
similar survey by hitting random IPs looking for git ports (but even
then, you're not likely to turn up much, because you have to know a repo
name before you can convince git to show a capability string). I suppose
it could also help with debugging if your client is having trouble
talking to a server that is not under your control.
Some traditional security advice I have heard is that servers should not
advertise their versions, as it makes it more obvious what holes they
have. Personally, I find that argument to be mostly security through
obscurity. If I have an exploit for version X, it's generally just as
easy to try it as it is to check the version (unless the exploit
requires a lot of effort, like guessing a value that might take
thousands of tries).
-Peff
next prev parent reply other threads:[~2012-06-01 9:04 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-31 11:48 git version statistics Jeff King
2012-05-31 12:00 ` Jeff King
2012-05-31 19:35 ` Junio C Hamano
2012-06-01 9:03 ` Jeff King [this message]
2012-06-01 14:49 ` Junio C Hamano
2012-06-02 16:32 ` Jeff King
2012-06-02 16:59 ` Tomas Carnecky
2012-06-02 18:49 ` Jeff King
2012-06-02 18:51 ` [PATCH 1/4] move git_version_string into version.c Jeff King
2012-06-02 19:01 ` [PATCH 2/4] version: add git_user_agent function Jeff King
2012-06-19 18:40 ` Thomas Rast
2012-06-19 18:59 ` Jeff King
2012-06-19 19:52 ` Jeff King
2012-06-19 19:52 ` [PATCH 1/3] Makefile: apply dependencies consistently to sparse/asm targets Jeff King
2012-06-19 20:38 ` Junio C Hamano
2012-06-19 20:01 ` [PATCH 2/3] Makefile: split GIT_USER_AGENT from GIT-CFLAGS Jeff King
2012-06-19 20:38 ` Junio C Hamano
2012-06-19 20:03 ` [PATCH 3/3] Makefile: split prefix flags " Jeff King
2012-06-19 20:51 ` Junio C Hamano
2012-06-19 21:04 ` Jeff King
2012-06-19 21:39 ` Junio C Hamano
2012-06-19 23:36 ` Jeff King
2012-06-19 23:58 ` Junio C Hamano
2012-06-19 21:43 ` Jeff King
2012-06-19 23:22 ` [PATCHv2 0/8] makefile cleanups Jeff King
2012-06-19 23:23 ` [PATCHv2 1/8] Makefile: apply dependencies consistently to sparse/asm targets Jeff King
2012-06-20 3:50 ` Jonathan Nieder
2012-06-20 4:26 ` Jeff King
2012-06-20 10:27 ` Jonathan Nieder
2012-06-20 16:37 ` Jeff King
2012-06-20 18:28 ` Jeff King
2012-06-20 18:30 ` [PATCHv3 01/11] Makefile: sort LIB_H list Jeff King
2012-06-20 20:00 ` Junio C Hamano
2012-06-20 20:01 ` Jeff King
2012-06-20 18:30 ` [PATCHv3 02/11] Makefile: fold MISC_H into LIB_H Jeff King
2012-06-20 20:01 ` Junio C Hamano
2012-06-20 21:07 ` Jonathan Nieder
2012-06-20 22:11 ` Jeff King
2012-07-07 3:39 ` [PATCH 02.5/11] Makefile: fold XDIFF_H and VCSSVN_H " Jonathan Nieder
2012-07-09 14:59 ` Junio C Hamano
2012-07-06 22:47 ` [PATCHv3 02/11] Makefile: fold MISC_H " Jonathan Nieder
2012-06-20 18:31 ` [PATCHv3 03/11] Makefile: do not have git.o depend on common-cmds.h Jeff King
2012-06-20 21:09 ` Jonathan Nieder
2012-06-20 18:31 ` [PATCHv3 04/11] Makefile: apply dependencies consistently to sparse/asm targets Jeff King
2012-06-20 21:12 ` Jonathan Nieder
2012-06-20 22:15 ` Jeff King
2012-07-07 4:19 ` [PATCH/RFC] Makefile: document ground rules for target-specific dependencies Jonathan Nieder
2012-06-20 18:31 ` [PATCHv3 05/11] Makefile: do not replace @@GIT_USER_AGENT@@ in scripts Jeff King
2012-06-20 20:06 ` Junio C Hamano
2012-06-20 20:09 ` Jeff King
2012-06-20 18:31 ` [PATCHv3 06/11] Makefile: split GIT_USER_AGENT from GIT-CFLAGS Jeff King
2012-06-20 21:21 ` Jonathan Nieder
2012-06-20 22:16 ` Jeff King
2012-06-20 22:21 ` Jonathan Nieder
2012-07-07 4:42 ` [RFC/PATCH v4 " Jonathan Nieder
2012-06-20 18:31 ` [PATCHv3 07/11] Makefile: split prefix flags " Jeff King
2012-06-20 21:28 ` Jonathan Nieder
2012-06-20 22:22 ` Jeff King
2012-06-20 18:32 ` [PATCHv3 08/11] Makefile: do not replace @@GIT_VERSION@@ in shell scripts Jeff King
2012-06-20 18:32 ` [PATCHv3 09/11] Makefile: update scripts when build-time parameters change Jeff King
2012-06-20 18:32 ` [PATCHv3 10/11] Makefile: build instaweb similar to other scripts Jeff King
2012-06-20 18:32 ` [PATCHv3 11/11] Makefile: move GIT-VERSION-FILE dependencies closer to use Jeff King
2012-06-20 21:31 ` Jonathan Nieder
2012-06-20 19:30 ` [PATCHv2 1/8] Makefile: apply dependencies consistently to sparse/asm targets Jonathan Nieder
2012-06-20 19:36 ` Jeff King
2012-06-20 19:45 ` Jonathan Nieder
2012-06-20 19:57 ` Jeff King
2012-06-20 21:00 ` Jonathan Nieder
2012-06-21 8:52 ` Automatic dependency tracking in the Git build system (was: Re: [PATCHv2 1/8] Makefile: apply dependencies consistently to sparse/asm targets) Stefano Lattarini
2012-06-20 20:10 ` [PATCHv2 1/8] Makefile: apply dependencies consistently to sparse/asm targets Junio C Hamano
2012-06-20 23:00 ` Thomas Rast
2012-06-21 5:18 ` Jeff King
2012-06-21 5:43 ` Junio C Hamano
2012-06-19 23:24 ` [PATCHv2 2/8] Makefile: do not replace @@GIT_USER_AGENT@@ in scripts Jeff King
2012-06-19 23:25 ` [PATCHv2 3/8] Makefile: split GIT_USER_AGENT from GIT-CFLAGS Jeff King
2012-06-19 23:25 ` [PATCHv2 4/8] Makefile: split prefix flags " Jeff King
2012-06-19 23:27 ` [PATCHv2 5/8] Makefile: do not replace @@GIT_VERSION@@ in shell scripts Jeff King
2012-06-19 23:28 ` [PATCHv2 6/8] Makefile: update scripts when build-time parameters change Jeff King
2012-06-19 23:29 ` [PATCHv2 7/8] Makefile: build instaweb similar to other scripts Jeff King
2012-06-19 23:30 ` [PATCHv2 8/8] Makefile: move GIT-VERSION-FILE dependencies closer to use Jeff King
2012-06-02 19:03 ` [PATCH 3/4] http: get default user-agent from git_user_agent Jeff King
2012-06-02 19:05 ` [PATCH 4/4] include agent identifier in capability string Jeff King
2012-05-31 15:20 ` git version statistics Stephen Bash
2012-06-01 8:52 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120601090337.GC32340@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).