Overly detailed User-Agent
pip’s User-Agent field looks like this:
pip/9.0.1 {"cpu":"i686","distro":{"id":"jessie","libc":{"lib":"glibc","version":"2.19"},"name":"Debian GNU/Linux","version":"8"},"implementation":{"name":"CPython","version":"3.4.2"},"installer":{"name":"pip","version":"9.0.1"},"openssl_version":"OpenSSL 1.0.1t 3 May 2016","python":"3.4.2","system":{"name":"Linux","release":"3.16.0-4-686-pae"}}
That’s a lot of information about my system. PyPI has no business knowing my OpenSSL version, my libc version, or my kernel version. Please trim this down.
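As an added example (not pip’s own code), here is a small Python parser for the header format quoted above: it splits `pip/<version>` from the JSON payload, flattens the nested keys, and lists the three host-identifying values the issue singles out; `trimmed_user_agent` is a hypothetical illustration of what a client-only header would look like.

```python
import json
from typing import Any, Dict, Tuple

# Constructed sample: the User-Agent quoted in the issue above.
SAMPLE_UA = (
    'pip/9.0.1 {"cpu":"i686","distro":{"id":"jessie","libc":{"lib":"glibc",'
    '"version":"2.19"},"name":"Debian GNU/Linux","version":"8"},'
    '"implementation":{"name":"CPython","version":"3.4.2"},'
    '"installer":{"name":"pip","version":"9.0.1"},'
    '"openssl_version":"OpenSSL 1.0.1t 3 May 2016","python":"3.4.2",'
    '"system":{"name":"Linux","release":"3.16.0-4-686-pae"}}'
)

# The values the issue objects to: they describe the host, not the client software.
HOST_FINGERPRINT_KEYS = {"openssl_version", "distro.libc.version", "system.release"}


def parse_pip_user_agent(ua: str) -> Tuple[str, str, Dict[str, Any]]:
    """Split 'pip/<version> <json>' into (product, version, payload dict)."""
    token, _, payload = ua.partition(" ")
    product, _, version = token.partition("/")
    if product != "pip" or not version:
        raise ValueError(f"not a pip User-Agent: {token!r}")
    return product, version, (json.loads(payload) if payload else {})


def flatten(d: Dict[str, Any], prefix: str = "") -> Dict[str, str]:
    """Turn nested JSON into dotted keys, e.g. distro.libc.version -> '2.19'."""
    out: Dict[str, str] = {}
    for key, value in d.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, path + "."))
        else:
            out[path] = str(value)
    return out


def host_fingerprint(ua: str) -> Dict[str, str]:
    """Return only the host-identifying values the issue asks pip to drop."""
    _, _, payload = parse_pip_user_agent(ua)
    flat = flatten(payload)
    return {k: flat[k] for k in sorted(HOST_FINGERPRINT_KEYS) if k in flat}


def trimmed_user_agent(ua: str, keep=("installer", "python", "implementation")) -> str:
    """Hypothetical client-only header: keep software keys, drop host details."""
    product, version, payload = parse_pip_user_agent(ua)
    kept = {k: payload[k] for k in keep if k in payload}
    return f"{product}/{version} " + json.dumps(kept, separators=(",", ":"), sort_keys=True)
```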
Issue Analytics
- Created 7 years ago
- Comments: 11 (4 by maintainers)
Hello.
I came across this today, and I’m very surprised that this is the case. This is a terrible default setting, and it should definitively be changed.
At the very least it must be clear from the --help text that any command run will leak details to third parties that you have no control over.
If you need analytics, make it opt in. Ask people if it is ok that this is sent. You have enough traffic that sampled traffic will be good enough for this use.
Please reconsider this horrible practice. Make it right.
This information is used to provide metrics to figure out what folks are using in order to make informed decisions about where we draw lines of support for a variety of features. For example, you called out the libc version, and that is used when deciding where to draw the lines of support for features like manylinux1 and such. Removing data from this would make it harder to progress Python packaging (and is unlikely to actually be useful to anyone else, particularly since pip makes it difficult to accidentally send this information cleartext).