Logging is not as useful as it could be

Open jech opened this issue 11 years ago • 4 comments

Polipo's logging is ad-hoc, and not as useful as it should be. Note however that we don't want to allow logging of all requests, since that would make the life of fascist system administrators too easy.

jech, May 13 '14 16:05

I thought that it was usually assumed that polipo is generally used by one person only and has not much in terms of the protections necessary to prevent snooping around what other people are looking at, etc. in a multi-user environment. Wasn't this THE argument that the CVE against polipo was of low severity?

In other words, I don't think this argument of a fascist admin has much weight. Being able to analyze what's going on as part of normal logging would be quite useful, though, I find.

leggewie, May 27 '14 12:05

> I thought that it was usually assumed that polipo is generally used by one person only

That's what it was initially designed for, but Polipo turns out to scale really well, so people are using it for a lot of things. I've heard of a few sites that use a tweaked Polipo for large numbers of users, and I don't want to make it too easy for lazy sysadmins to log everything their users are doing. (If you want to log everything and you're smart enough to know what you're doing, it should be easy enough to patch Polipo.)

jech, May 27 '14 13:05

For what it's worth, I think the description of who will have difficulty due to polipo's choice to disallow request logging is backwards.

  • Sysadmins at medium/large sites that choose to use polipo will have an easy time patching Polipo to enable logging or choosing one of the many alternatives that also scale up and have logging by default.
  • Folks who are using polipo as a personal proxy, who choose it for its extremely lightweight memory profile, are disproportionately likely not to be literate in C, or simply not to have the time to maintain lots of patched software on their workstation.

Disabling request logging by default makes sense to me. Making life difficult for admins by putting it at the most-verbose logging level makes sense to me, as it's often impractical to run a large site at the equivalent of "trace" logging without having performance and storage problems. But requiring source-patching seems like it primarily hurts personal users and is unlikely to impact any moderately sized site meaningfully.

mikelococo, Jan 14 '16 14:01

Agree with @mikelococo. Now it's after 5 but I'm still working because I need to source patch a little piece of software to get the simple functionality of seeing what requests are being made between two of our test systems. So thanks from this lazy fascist admin who just wanted to finish the day at 5.

coconitro, May 08 '18 00:05