Hi Eric, On Sun, Jan 08, 2023 at 07:47:38PM +0000, Eric Wong wrote: > Thomas Weißschuh <tho...@t-8ch.de> wrote: > > Hi, > > > > it would be nice if public-inbox could extend the HTML pages it > > generates with the "generator" meta tag [0]. > > Especially the version would be useful. > > > > This would help users during debugging to see the specific version of > > public-inbox they are looking at. > > What would users be debugging? > Admins would be the only ones who care, I think...
Since recently my mails to linux-ker...@vger.kernel.org that should end up on public-inbox on https://lore.kernel.org/lkml/ don't do so. They are accepted by the mail server on vger.kernel.org but never end up in the archives. I suspect some interactions between b4 which is used to generate the mails, the unicode characters in my name and public-inbox to be the culprit. This is what I wanted to reproduce locally, for which exact versions would have been nice. > Version info becomes worthless if an admin blocks/alters certain > endpoints via nginx/varnish or just editing the code. > > > For example: > > > > <head> > > <title>Some page</title> > > <meta name="generator" content="public-inbox 1.9.0" /> > > </head> > > I prefer to disclose as little information as possible in case > vulnerabilities are found. Alone, security by obscurity doesn't work, > but obscurity does make things more difficult for attackers > (same reason camouflage exists). > > I also don't like wasting memory+bandwidth on things most users > won't see or care about. This is especially true for stuff at > the beginnning of the output since that's most likely to succeed > in being transferred. Fair enough. The loading speed of public-inbox is really great, let's keep it that way. > > [0] https://html.spec.whatwg.org/multipage/semantics.html#meta-generator @Konstantin, if you read this: I'll send a proper bugreport to to...@linux.kernel.org soonish. Thanks, Thomas
