Telemetry Policy

Volker Krause vkrause at kde.org
Wed Aug 16 10:06:26 BST 2017 

On Wednesday, 16 August 2017 10:21:11 CEST Ben Cooksley wrote:
> On Mon, Aug 14, 2017 at 11:40 PM, Volker Krause <vkrause at kde.org> wrote:
> > I agree on the proposed wording changes, so focusing on your technical
> > points below.
> > 
> > On Monday, 14 August 2017 11:53:17 CEST Ben Cooksley wrote:
> >> I've got two technical notes here:
> >> 
> >> 1) All products should fetch details on where to submit telemetry data
> >> from an online configuration file similar to
> >> https://autoconfig.kde.org/ocs/providers.xml
> >> 
> >> This would give us the capacity to version the telemetry server api,
> >> and potentially even "kill" telemetry submissions from older
> >> application versions if needed.
> >> 
> >> 2) No software product should use the QNetworkAccessManager family of
> >> classes due to known defects in it's operation within some versions of
> >> Qt which cause infrastructure problems.
> > 
> > The current implementation uses QNAM, but actually has code to handle HTTP
> > redirects correctly (with unit test coverage), I assume that's the issue
> > you are referring to? This also has been tested all the way back to Qt4.8
> > as part of the existing deployment in GammaRay.
> 
> That's one of the considerations yes. I'm hopeful that nothing else in
> it will be found to be broken behaviour wise but have much more faith
> in KIO here.
> 
> > I don't mind adding the extra indirection with the configuration file,
> > although just from the XML I don't see yet what that would provide beyond
> > HTTP redirects. Are there certain information (e.g. the app version)
> > passed already as part of the request for the configuration file? Or can
> > there be conditional aspects not currently present in the above example?
> 
> The extra indirection is basically to give us the option to shift the
> endpoint elsewhere at some point without having to keep the old one
> alive even as a redirect.

Isn't that just shifting the requirement for the "stable" endpoint to the 
configuration one? But if that's easier we can of course add that. Are there 
any formats/standards you have in mind for this, or any parameters the GET 
request should contain?

> I'm also concerned that we could potentially run into issues if the
> system doesn't do any GET requests. From what I recall unless the
> server and client support a specific RFC then redirecting POST
> requests isn't something one can rely on here (your code might handle
> this properly, I certainly wouldn't trust QNAM to do so given their
> stance on optional behaviour in HTTP RFCs)

Correct, QNAM doesn't support POST redirects itself. But since we deal with 
redirects ourselves anyway, that's not really an issue. On the server I 
haven't run into issues yet, even the super primitive HTTP test server built 
into PHP can handle it. POST redirects aren't particularly elegant though, as 
you are sending the payload multiple times. So the extra GET might be a better 
solution anyway.

Regards,
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-community/attachments/20170816/053fb29d/attachment.sig>

More information about the kde-community mailing list