[Nut-upsuser] ISE review of I-D: deprecate command VER?

Greg Troxel gdt at lexort.com
Sun Mar 20 22:11:33 GMT 2022


Roger Price <roger at rogerprice.org> writes:

> I received the following comment from the Independent Submissions Editor (ISE):
>
>  The command VER is hazardous because it encourages exploiting of
>  implementation peculiarities that are not well documented in a
>  protocol.  The best example of such a failure is the browser version
>  field in HTTP.  A complete disaster.  You should warn against use of
>  this command, or even better, deprecate it.
>
> I was not aware of the disaster in the browser version field, but I
> will warn against use of VER, and deprecate it, if you agree.

I am quite aware of it, but I haven't seen it called out like this.  The
basic issue is that we now have a culture of web servers serving N
different versions of pages based on the User-Agent field, instead of
coding to standards and expecting clients to meet standards.  "Disaster"
might be a slightly strong word, but it isn't at all confused.

So a good question is whether it's necessary.  Perhaps it's just a
management plane concept, but for SMTP the two sides don't specify
their software or protocol versions.

In general, a fair question is "What if we deleted this?  If we wouldn't
have trouble, why are we keeping it?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20220320/82a952c4/attachment.sig>


More information about the Nut-upsuser mailing list