Make CTCP handlers optional

[nmeum]

The default CTCP handlers are currently registered unconditionally in client.New. The CTCP handlers disclose quite a few things, e.g. current Time (through handleCTCPTime) and operating system, architecture and girc version (through handleCTCPVersion).

IMHO it would be nice if these handlers could be disabled. For instance through a new Config option.

[lrstanley]

Those handlers can be disabled, by overriding them (registering something on top of it). There are no plans to remove the defaults, for a few reasons. It's a courtesy to folks running irc servers. With this information, they can better target malicious users, better understand the user-base connecting (and the clients they are using). It's also much like http servers sending the software name and version as a http response header, or (almost all) http clients sending their user-agent when making calls.

All of these things are a courtesy, as well as a credit to the library. Yes, there will always be a security concern when you are providing even the smallest of information about the host machine (if this is what you were getting at). If someone doesn't want to expose these, they can override them, much like you can override the user-agent header using the curl cli.

[nmeum]

There are no plans to remove the defaults […]

I am not proposing a change of the defaults. I am just saying: It would be easier to disable all CTCPs handlers through an additional configuration option (in the Config struct) instead of forcing users to overwrite all 6 default handlers manually.

If you really object adding an additional configuration option I would at least suggest adding a method for removing all registered CTCP handlers (CTCP.ClearAll() unfortunately readds the default handlers). That would make it way easier to disable them and would also be a more reliable way of doing so in case new handlers are added in the future etc.

[lrstanley]

It would be easier, but I don't want to promote the option to remove defaults, only override. No defaults should be added in the future, unless a new spec defines CTCP's that should be used by default for clients. The reason I don't, is again, courtesy -- much like browsers, http clients, etc. They rarely have the option to remove, only update. If you don't want them, feel free to change them to something else -- I would recommend at least giving some information so servers can identify the origin.