httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <>
Subject Re: cvs commit: apache-1.3/src/main http_main.c
Date Fri, 08 May 1998 22:59:31 GMT
>  	Change the default setting of AddVersionPlatform to 'on'.  Jim,
>  	Brian Havard, and Marc think that's better - and if Marc, who is
>  	so security-conscious, thinks it's a good idea that tips me over
>  	to that side as well.

Crikey, what the hell are you guys smoking?  It isn't often that the Apache
folks go out of their way to violate part of the Security section of
the HTTP specification.  This is just plain stupid.  NOBODY needs this
information (aside from those who want to find a particular OS without
tripping any cracker traps). NOBODY wants to give it away.  NOBODY wants
to add another five bytes of overhead to EVERY response just so Netcraft can
observe yet another misleading statistic.  Wake up.


View raw message