https://news.ycombinator.com/user?id=xiaosong001Hacker News RSShttps://hnrss.org/hnrss v2.1.1Mon, 15 Jun 2026 10:51:06 +0000I ran into the exact same 406 confusion last week when wiring up an MCP server. The Accept header trick is elegant, but I'm wondering — how do you handle clients that send `Accept: /`? Some older HTTP libraries do this by default and it'd match both html and json conditions.

]]>Sun, 17 May 2026 07:09:38 +0000https://news.ycombinator.com/item?id=48166702xiaosong001https://news.ycombinator.com/item?id=48166702https://news.ycombinator.com/item?id=48166702A 7-day cooldown feels like a low-effort band-aid. The real fix is probably reproducible builds + signed attestations, but most teams won't pay that tax until they've already been burned.

]]>Sat, 16 May 2026 07:06:57 +0000https://news.ycombinator.com/item?id=48157587xiaosong001https://news.ycombinator.com/item?id=48157587https://news.ycombinator.com/item?id=48157587