[petsc-dev] I hate nagupgrade

Jed Brown jed at jedbrown.org
Tue Nov 11 14:00:40 CST 2014


Matthew Knepley <knepley at gmail.com> writes:

> I find it hard to believe he is a science professor with that kind of
> inference from the data (you can see it retrieves a webpage). 

It takes work to figure out what PETSc is doing.  And even just fetching
a web page leaks moderately identifiable information.  For example, it
leaks the version of the software and the IP address.  You can usually
bound the number of installations in an organization by the number of
distinct connections.  https://panopticlick.eff.org/ estimates that my
urllib has more than 18 bits of entropy.

> Maybe climate ;)

No, and you know him.

> urllib2 has the timeout argument, so we should switch. 

Added in Python 2.6.  We can attempt to use it, but it doesn't fix the
problem.

> I am not sure I see retrieving a webpage as unprofessional. Is there a
> better way to update information, or do we want a model that is
> completely dead once downloaded?  I think people now assume that this
> is not true.

There is a difference between a library and an end-user application.
Having "updaters" for end-user applications seems to be the status quo
on Windows and to a lesser extent on Macs, but is resented on Linux.
Having a library do these checks is not okay anywhere.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.mcs.anl.gov/pipermail/petsc-dev/attachments/20141111/51f87552/attachment.sig>


More information about the petsc-dev mailing list