[Nut-upsuser] ISE review of I-D: deprecate command VER?

Roger Price roger at rogerprice.org
Mon Mar 21 15:26:11 GMT 2022

>> On 20.03.22 16:02, Roger Price wrote:
>>> I received the following comment from the Independent Submissions Editor (ISE):
>>> The command VER is hazardous because it encourages exploiting of
>>> implementation peculiarities that are not well documented in a
>>> protocol.  The best example of such a failure is the browser version
>>> field in HTTP.  A complete disaster.  You should warn against use of
>>> this command, or even better, deprecate it.
>>> I was not aware of the disaster in the browser version field, but I
>>> will warn against use of VER, and deprecate it, if you agree.

Thanks very much for the helpful discussion.

1. I will not deprecate VER, but I will explain to the ISE that NUT is very 
different to the HTTP disaster situation, and that we do not have millions of 
users of broken clients.

2. I will explain that "current practice" is for a client, known as a Management 
Daemon, to fall back to an earlier command form if a command fails.  E.g. if 
PRIMARY fails, fall back to MASTER.

3. The ISE requires that the I-D state clearly which version of NUT, as returned 
in response to command VER, is documented by the I-D.  I have written the I-D in 
terms of NUT 2.7.4, but it would probably be better if the ID referred to 
upcoming 2.8.0.  This will make it clearer what "current practice" means.

Do you agree that the I-D should refer to 2.8.0?

4. The I-D must also say which protocol version it documents, as returned in 
response to command PROTVER (formerly NETVER).

Will this stll be 1.2 in NUT 2.8.0, or will it move to 1.3?


More information about the Nut-upsuser mailing list