>> On 20.03.22 16:02, Roger Price wrote: >>> I received the following comment from the Independent Submissions Editor (ISE): >>> >>> The command VER is hazardous because it encourages exploiting of >>> implementation peculiarities that are not well documented in a >>> protocol.? The best example of such a failure is the browser version >>> field in HTTP.? A complete disaster.? You should warn against use of >>> this command, or even better, deprecate it. >>> >>> I was not aware of the disaster in the browser version field, but I >>> will warn against use of VER, and deprecate it, if you agree.Thanks very much for the helpful discussion. 1. I will not deprecate VER, but I will explain to the ISE that NUT is very different to the HTTP disaster situation, and that we do not have millions of users of broken clients. 2. I will explain that "current practice" is for a client, known as a Management Daemon, to fall back to an earlier command form if a command fails. E.g. if PRIMARY fails, fall back to MASTER. 3. The ISE requires that the I-D state clearly which version of NUT, as returned in response to command VER, is documented by the I-D. I have written the I-D in terms of NUT 2.7.4, but it would probably be better if the ID referred to upcoming 2.8.0. This will make it clearer what "current practice" means. Do you agree that the I-D should refer to 2.8.0? 4. The I-D must also say which protocol version it documents, as returned in response to command PROTVER (formerly NETVER). Will this stll be 1.2 in NUT 2.8.0, or will it move to 1.3? Roger
Manuel Wolfshant
2022-Mar-21 15:41 UTC
[Nut-upsuser] ISE review of I-D: deprecate command VER?
On 3/21/22 17:26, Roger Price wrote:>>> On 20.03.22 16:02, Roger Price wrote: >>>> I received the following comment from the Independent Submissions >>>> Editor (ISE): >>>> >>>> The command VER is hazardous because it encourages exploiting of >>>> implementation peculiarities that are not well documented in a >>>> protocol.? The best example of such a failure is the browser version >>>> field in HTTP.? A complete disaster.? You should warn against use of >>>> this command, or even better, deprecate it. >>>> >>>> I was not aware of the disaster in the browser version field, but I >>>> will warn against use of VER, and deprecate it, if you agree. > > Thanks very much for the helpful discussion. > > 1. I will not deprecate VER, but I will explain to the ISE that NUT is > very different to the HTTP disaster situation, and that we do not have > millions of users of broken clients.right> > 2. I will explain that "current practice" is for a client, known as a > Management Daemon, to fall back to an earlier command form if a > command fails.? E.g. if PRIMARY fails, fall back to MASTER. > > 3. The ISE requires that the I-D state clearly which version of NUT, > as returned in response to command VER, is documented by the I-D.? I > have written the I-D in terms of NUT 2.7.4, but it would probably be > better if the ID referred to upcoming 2.8.0.? This will make it > clearer what "current practice" means. > > Do you agree that the I-D should refer to 2.8.0?Not really. Even 2.7.5 is still not out and 2.7.4 was released in sept 2021 ( according to https://github.com/networkupstools/nut ). I would either use some generic values as example or leave it as it is.> > 4. The I-D must also say which protocol version it documents, as > returned in response to command PROTVER (formerly NETVER). > > Will this stll be 1.2 in NUT 2.8.0, or will it move to 1.3? > > Roger