On Mon, 12 Feb 2007, Jeff Pohlmeyer wrote:

> As far as changing the user-agent behavior, I'm not sure how well-received
> it will be if the library suddenly starts revealing information about itself
> that it didn't reveal previously.

Yes, that's what I was thinking as well, so we have the two conflicting
interests: changing existing apps' behaviours vs making existing apps behave
nicer protocol-wise.

> Also, since one of your concerns was for curl getting blamed for malicious
> activity, there might be some nasty applications out there that are
> currently using libcurl, and if they suddenly start advertising it, that
> might not be such a good thing either.

Yes true. But my primary concern about the ftp password was the connection to
me personally. Blaming libcurl for such activities would still be bad of
course, but not as directly connected to me.

However, I would think that most of the possibly "malicious" applications that
use libcurl already set a User-agent to make them appear as some kind of
browser.

Besides, if they do use libcurl then libcurl is what they use and there's not
really much we can do about it and we could in fact help and advice people who
are targeted by "malicious apps" based on libcurl, so perhaps that kind of
advertising isn't necessarily bad.

> Having said that, it might be nice to pre-define some commonly used strings
> somewhere in the libcurl headers,

While certainly very easy to add, does anyone really want them?

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html