Statistics and Instrumentation

Nov 8, 2010 at 9:24 PM

I was think that it'd be interesting to have some stats baked into the system so the community knows how healthy it is. I'm not sure where or what or the implementation, but here's some thinking.  Some of this would require some instrumentation of either the client or the server or both. I'm interested in thoughts around privacy. Like, for example, Google Reader and RSS readers don't warn me that logging is happening, because I'm on the web, and it's implicit.

I'm assumming the gallery would have some public stats like Ohloh does, so everyone can see stats on packages.

My thoughts:

  • REASONABLE: It's nice to know how many calls to List-Package are happening.
  • REASONABLE: It'd be nice to know when a package is downloaded (like an RSS reader knows when an item is read.)
  • LESS REASONABLE?: It'd be nice to know in when a package is used/installed, even if it's download before and installed from a cache. That's a phone home, though.
  • LESS REASONABLE?: It'd be nice to know in what combinations packages are used? Do ELMAH users use NHibernate?

What kinds of stats would an Open Source Project want to see about themselves and how they are used within NuGet? What expectations would the end developer have on what's being sent home? (Like a GET is a GET, but don't send other data without an opt-in).


Nov 8, 2010 at 10:02 PM

We might not instrument List-Package, but we do know how often the OData feed is called which is a pretty good approximation for the number of times List-Package is called.

We can also know when a package is downloaded from the gallery, but we currently wouldn’t know when it’s downloaded from an external URL unless the client does a ping. I asked Pranav to log a bug for that ping. Although the ping is technically a “phone home”, it’s justifiable in that you just asked the server for the package information. Perhaps as part of that information, we don’t send the package hash so that the “phone home” is really a notification that “Hey, I want to install external package Foo, what is its hash?”

I’m not fond of these other phone home ideas though. That makes dealing with privacy much more tricky. Unlike the other cases, it’s implicit that we’re making a request. In this case, you’re taking an action that you wouldn’t rightly expect an internet request.

Nov 17, 2010 at 8:45 PM

From the project owner standpoint, I'd really like to see a list of packages that are using mine as a dependency. It would help in cases where a package isn't set up to use a single version (or range). In those cases I could at least warn them prior to the new release. Just a thought anyway. Also the number of downloads would be greatly appreciated.