Skip to content

Remove expvars and metric publishing
Compare
Choose a tag to compare
@charlievieth charlievieth released this 24 May 19:45
· 59 commits to master since this release
v0.3.0
03ea723
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

v0.3.0

PR: #76

This release removes the ability to publish stats via expvars and is technically a breaking change as stats are no longer published with expvars.Publish(). There are no changes to the package API, but the export argument to NewStore(sink Sink, export bool) is now ignored.

We are removing expvars because is detrimentally impacts security, performance and reliability.

  • Security: expvars makes the running programs command line arguments available at /debug/vars. Note: passing sensitive information via command line arguments is a bad idea in general.
  • Performance: expvars is meant to be called only from init() functions and re-sorts its vars each time a new one is added. This obviously becomes very expensive when a large number of stats are stored.
  • Reliability: Again, expvars is meant to be called only from init() and will panic with log.Panicln() if a duplicate var name is published. This is hard to guard against: checking for duplicate var names before the call to publish can't protect against vars published by another package; and catching the panic with recover() still leads to erroneous messages written to STDERR (and changing the default output of "log" would be unacceptable side-effect).

Basically, we've been using expvars incorrectly and the best solution is to remove it. If this breaks you, please reach out to us or file an issue and we'll work on a solution.

Assets 2
Loading