httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 53845] Remove DNT settings from httpd.conf
Date Mon, 10 Sep 2012 13:58:45 GMT

--- Comment #4 from Max Lohrmann <> ---
>  Apache chose to do so

No, Apache has not chosen to do so.
YOU (or your superior at Adobe) have chosen to do so purely on your PERSONAL

This is a clear abuse of your power and a glaring breach of open source
development principles.

The default Apache configuration should show a way to go and present an
environment that is useable for most users.
What you did is exactly the opposite: Creating a default environment that is
not usable (and so only of political reasons). THIS is just the same as if
Apache would redirect every IE user to a page with the text "Get a better
browser, noob!".

But please, in case you did not read my initial post, let me reiterate my

- This setting is in now way useful to 99,99% of the installed Apache user base
and as such DOES NOT QUALIFY as a default setting. It will only cause
additional processing costs that are not justifiable.

- Apache has absolutely no profit from handling the DNT setting. It will only
be handled at higher levels (PHP, CGI, etc.) where the actual 'tracking' logic
would be. Therefore this is an invalid manipulation of the request.

- This setting also excludes people who explicitly WANT TO USE DNT. This is the
absolutely WORST CASE that could happen. Not only it is logically insane to
assume that people who have a privacy setting enabled did not want it, it is
also direct hit in the face of those who DO care.
You can always do what you want to people who don't care, but doing the
opposite of that what people who care wish is insulting, damaging Apaches
reputation right now in the media and will lead to legal problems if DNT could
be enforced by law.

And also:
You might know the quote "If I tomorrow say 'I won't do any political comments
anymore' then this is a political comment"?
The same goes for defaults: There is ALWAYS one.
That default is either 0 or 1 - you cannot not have a default as I have said

> [let's face it: there will always be a default unless you require the user to set this
on first launch of the browser with only the buttons "Enable", "Disable" and "Quit Browser"
- which will not happen]

(If there is no setting and the browser does not send the header at all it just
means the decision about the default is up to the remote end and common sense
tells us already what that means...)

Roy, up to now you have not shown any technical or logical argument that
justifies the change in commit 1371878.
So all we can do is assume what right now everyone assumes and some openly
says: Adobes largest customer are ad agencies and as such you have a major
interest in the DNT standard failing - which you have brought us quite a bit
closer to, now that everyone can say "Well, it doesn't matter what you set for
DNT, all sites will ignore it either way".

Apart from that the execution of this 'patch' is just purely bad:
- The comment is pretentious and in no way helpful. Just take a look at the
comments in the httpd-dav.conf or httpd-ssl.conf file for comparison.
- Your configuration also removes the DNT header if it is set to 0 which can
only happen if it is explicitly set that way.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message