On Fri, Jun 01, 2012 at 07:49:17AM -0700, Junio C Hamano wrote:

> My initial reaction to the patch was a bit of trouble with the word
> "agent", as we do not call Git acting on behalf of the end user "an
> agent" in general.

Yeah, I don't especially like the term "agent". I had initially called
it "version", but rejected that for two reasons:

  1. It is not just a version, but also telling what software is in use
     (so I would expect git to write git/v1.7.10, and other
     implementations to write dulwich/1.2.3 or whatever).

  2. I didn't want it to be confused as a protocol version.

But maybe those are non-issues. It should be fairly obvious what it is
when you see even one example of the value.

> > Some traditional security advice I have heard is that servers should not
> > advertise their versions, as it makes it more obvious what holes they
> > have. Personally, I find that argument to be mostly security through
> > obscurity.
>
> I do, too, but shipping with a configuration knob to optionally turn
> it off would be sufficient.

I think the most sensible thing is to just add a Makefile variable that
defaults to $(GIT_VERSION), and let people override it if they want
privacy. The http user-agent variable actually respects an environment
variable, but I don't see much point in going that far.

I'll cook up a new version of the patch.

-Peff