httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53845] Remove DNT settings from httpd.conf
Date Tue, 11 Sep 2012 19:57:23 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53845

Max Lohrmann <post@wickenrode.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |---

--- Comment #6 from Max Lohrmann <post@wickenrode.com> ---
I deeply excuse myself if my wording has offended you - such is an inherit risk
in intercultural communication that I do not always pay attention to.
I am neither a troll nor did I commit libel (I can assure you that I would not
use my name if I wanted to do this). Take a look at my wording:

> So all we can do is assume what right now everyone assumes and some openly says: 

I just repeated what was the general tone in the thread linked in the first
comment.
As you can very well see from the rest of the comment on technical arguments.

Also let me make clear that I have no interest in protecting Microsoft or the
like. I never used IE other than for testing in the last 8 years and I have no
plans to change that.

Let's split arguments into groups to make it clearer:

1. Execution of the patch
2. Applicability to Apache
3. Impact on DNT/Apache
4. Reasons for this patch

I see that #4 is not part of this discussion, so I will stop mentioning it.

Execution of the patch:

I stand by what I have said above.
- The comment is pretentious* and in no way helpful. Just take a look at the
comments in the httpd-dav.conf or httpd-ssl.conf file for comparison.
- Your configuration also removes the DNT header if it is set to 0 which can
only happen if it is explicitly set that way.

* (Please note that pretentious purely refers to the what the comment says and
was never targeted at you)

These issues need to be addressed in any case because the default configuration
is part of the documentation where the goal is to explain WHY something is done
and this serves as a bad example.

Applicability to Apache:

Again, I stand by what I have said, twice.
* Apache is the wrong point to add this setting. DNT does only matter for a
very small subset of servers (ie those of ad agencies) so this will 1) result
in unnecessary processing for most installations and 2) The DNT header will
only be processed at a higher level (eg. PHP) where this check could be made.
With this setting Apache is 'stealing' information from the actual processing
logic that will handle the DNT header.
* Whether DNT should default to 0 or 1 [let's face it: there will always be a
default unless you require the user to set this on first launch of the browser
with only the buttons "Enable", "Disable" and "Quit Browser" - which will not
happen] is something to decide by the specification, not by Apache.

Impact on DNT/Apache:

* I still remember the time when Microsoft ran ad campaigns against OSS (I
think the last one was 2008 or so) with slogans like "Do you know who is
developing OSS? Everyone can put a virus or spyware in there" or "With
thousands of people messing with the code you can never be sure what you get".
It took us years to disprove those claims and get the message across that in
general OSS is more stable and secure BECAUSE it is open to everyone.
What this patch does (and I'm talking about someone who will only see the patch
inside Apache, not the discussion surrounding it) is proving every flagrant
claim by MS to be true, because what they see is IE being excluded for some
unexplained reason.
This is doing real damage to Apache right now in the media.
I deeply care about this issue as I am a user of Apache and myself active in
the open source community. I would like to hear how you think about this.

* Also let me show you another view on the impact of this patch (I'm not
advocating this, just saying that it might happen): Until now everything in the
media that has been said about the impact of DNT was pretty much hot air and
speculation. This patch is the first thing to actually create facts. As I have
said before now everone can go "Well, it doesn't matter what you set for DNT,
all sites will ignore it either way". As such this might be more damaging to
DNT than it would actually help it.

Best regards

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message