Return-Path: owner-new-httpd
Received: by taz.hyperreal.com (8.6.12/8.6.5) id QAA00408;
 Thu, 27 Jul 1995 16:27:03 -0700
Received: from eat.organic.com by taz.hyperreal.com (8.6.12/8.6.5) with ESMTP
 id QAA00402; Thu, 27 Jul 1995 16:27:01 -0700
Received: (from brian@localhost) by eat.organic.com (8.6.11/8.6.9) id
 QAA21540; Thu, 27 Jul 1995 16:27:04 -0700
Date: Thu, 27 Jul 1995 16:27:03 -0700 (PDT)
From: Brian Behlendorf <brian@organic.com>
Subject: Re: SERVER_SOFTWARE
To: new-httpd@hyperreal.com
In-Reply-To: <9507271634.AA17406@www.elsevier.co.uk>
Message-ID: <Pine.3.89.9507271645.E24264-0100000@eat.organic.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

On Thu, 27 Jul 1995, Andrew Wilson wrote:
> 	this is just a thought prompted by Paul Richards.  It'd be kind of
> nice to figure out what OS people are running their server on.

Many would consider this a security hole, and most internet daemons have 
removed this information (i.e. wu-ftpd, sendmail, etc).  The recent spat 
of "Olga" messages made themselves untraceable by specifically going 
through broken IBM VMS mailers who trusted whatever the client told them 
in the HELO message.  I'd consider putting information about extensions 
in there a security hole too, perhaps even worse.  Just a note of 
caution, I wouldn't veto it but I wouldn't +1 it either.

	The Anal Retentive Computerist

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/