[Nagiosplug-devel] Guidelines

[Subhendu Ghosh]

On Wed, 1 Jun 2005, Andreas Ericsson wrote:

> I've been going through the plugin guidelines and noticed a couple of weird 
> things and hints in them, for example;
>
> * "Print only one line of text"
> This should be changed to "Always make sure the first line of output contains 
> something useful", as it's usually useful to (by default) print any error 
> messages later on so the user sees them when running them from command-line. 
> I'd be happy to print a queuing system for error messages so they can be 
> printed at plugin exit.
>
> * "The plugins are copyrighted by their respective authors", and later on, 
> "The copyright for the changes will then revert to the Nagios Plugin 
> Development Team".
> This second statement is just pure BS anyway, as the signover of copyrights 
> requires a fair amount of paperwork and cannot be automated by a statement on 
> a webpage. If anything, you can force authors to make their changes GPL'd 
> (the GPL already states this explicitly, but it's still a good idea to make 
> it painfully obvious on the webpage). The code submitted to the project *IS* 
> GPL, but may be copyrighted by others. If those others choose to change the 
> copyright of their copy of the code, they cannot make those changes apply 
> retroactively to the code-versions in the nagiosplug repository.
>
> * "Don't execute system commands without specifying their full path".
> The reason given (trojans earlier in the path) is fairly moot given that if 
> someone can add files to any element of the path the game is most certainly 
> lost. It's good for making sure idiots don't write code that wildly spawn 
> external programs though.
>
> * "Validate all input"
> Considering the fact that not a single plugin does this today (unless you're 
> thinking validate_arguments()), this is just a waste of web-space. The fact 
> that the spopen()-enabled plugins run commands on a large array of hosts 
> which produce vastly different output, this turns somewhat impossible.
>
> * "All network plugins should use DEFAULT_SOCKET_TIMEOUT to timeout".
> For many plugins, this is largely meaningless as most of them can calculate 
> how long they will have to run at a maximum before they return CRITICAL 
> anyway (check_tcp with -w and -c flags, check_ping, etc). Having them hung in 
> kernel-space when they'll still return CRITICAL won't make anybody happier.
> This should be changed to "Use DEFAULT_SOCKET_TIMEOUT as default unless a 
> value can be properly calculated".
>
> * "In addition to the reserved options" .... and what follows.
> I notice that there are no less than 4 of the 5 listed "standard" options 
> that are supposed to denote username in one form or another. Please just drop 
> this section entirely, or decide on ONE thing to use. the --url option, 
> currently applying to a single plugin (check_http) isn't exactly what I would 
> call "standard".
>
>
> In addition, it would be nice to see a section called "Don't waste return 
> values just so you can (possibly inaccurately) recalculate them later". 
> Another section, named "Use the appropriate function for the job" would also 
> be nice as well as "Prefer ANSI C over non-standard functions". For reasons 
> to this, take a look at the use of strstr() (which isn't an intrinsic 
> function) being used as strchr() (which IS an intrinsic function) in too many 
> of the plugins, as well as strpbrk(), strspn() and friends.
> All of those new sections could be bundled under "Optimization", which would 
> then incorporate the "Allow sibling call optimizations" and "How To Make Life 
> Easy For The Compiler".
>
> end rant;
>
> Sorry to those of you whom I'm sure took offense. None was actually intended.
>
>

no offense - diff sgml ;) please

-- 
-sg