Manuel Wolfshant
2022-Mar-21 15:41 UTC
[Nut-upsuser] ISE review of I-D: deprecate command VER?
On 3/21/22 17:26, Roger Price wrote:>>> On 20.03.22 16:02, Roger Price wrote: >>>> I received the following comment from the Independent Submissions >>>> Editor (ISE): >>>> >>>> The command VER is hazardous because it encourages exploiting of >>>> implementation peculiarities that are not well documented in a >>>> protocol.? The best example of such a failure is the browser version >>>> field in HTTP.? A complete disaster.? You should warn against use of >>>> this command, or even better, deprecate it. >>>> >>>> I was not aware of the disaster in the browser version field, but I >>>> will warn against use of VER, and deprecate it, if you agree. > > Thanks very much for the helpful discussion. > > 1. I will not deprecate VER, but I will explain to the ISE that NUT is > very different to the HTTP disaster situation, and that we do not have > millions of users of broken clients.right> > 2. I will explain that "current practice" is for a client, known as a > Management Daemon, to fall back to an earlier command form if a > command fails.? E.g. if PRIMARY fails, fall back to MASTER. > > 3. The ISE requires that the I-D state clearly which version of NUT, > as returned in response to command VER, is documented by the I-D.? I > have written the I-D in terms of NUT 2.7.4, but it would probably be > better if the ID referred to upcoming 2.8.0.? This will make it > clearer what "current practice" means. > > Do you agree that the I-D should refer to 2.8.0?Not really. Even 2.7.5 is still not out and 2.7.4 was released in sept 2021 ( according to https://github.com/networkupstools/nut ). I would either use some generic values as example or leave it as it is.> > 4. The I-D must also say which protocol version it documents, as > returned in response to command PROTVER (formerly NETVER). > > Will this stll be 1.2 in NUT 2.8.0, or will it move to 1.3? > > Roger
Manuel Wolfshant <wolfy at nobugconsulting.ro> writes:> Not really. Even 2.7.5 is still not out and 2.7.4 was released in sept > 2021 ( according to https://github.com/networkupstools/nut ).No, 2.7.4 was released in 2016. It's just a github artifact; read the "release notes".>> 4. The I-D must also say which protocol version it documents, as >> returned in response to command PROTVER (formerly NETVER). >> >> Will this stll be 1.2 in NUT 2.8.0, or will it move to 1.3?If we are heading down the RFC path, I think it's totally unreasonable to have a protocol change more than once in a while, and doing so needs to be coordinated with all users of the protocol, and the RFC updated. So I'd hope that whatever version is on the master branch is what's being documented. It could be that the protocol has changed and the version number hasn't, but that seems unlikely. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 194 bytes Desc: not available URL: <http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20220321/a859c8e8/attachment.sig>