httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: cvs commit: apache-1.3/src/main http_main.c
Date Fri, 08 May 1998 23:42:05 GMT
On Fri, 8 May 1998, Roy T. Fielding wrote:

> >  	Change the default setting of AddVersionPlatform to 'on'.  Jim,
> >  	Brian Havard, and Marc think that's better - and if Marc, who is
> >  	so security-conscious, thinks it's a good idea that tips me over
> >  	to that side as well.
> Crikey, what the hell are you guys smoking?  It isn't often that the Apache
> folks go out of their way to violate part of the Security section of
> the HTTP specification.  This is just plain stupid.  NOBODY needs this
> information (aside from those who want to find a particular OS without
> tripping any cracker traps). NOBODY wants to give it away.  NOBODY wants
> to add another five bytes of overhead to EVERY response just so Netcraft can
> observe yet another misleading statistic.  Wake up.

That's nice.

What, you going to try popping your head in again after the fact, after
something has been discussed to death and agreed on without presenting any

I don't think it is a "good" idea, but I can find no security objections
to it and can find more than one helpful debugging purpose.

View raw message