From dev-return-53334-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org Mon May 08 14:39:38 2006 Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 30178 invoked from network); 8 May 2006 14:39:33 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 8 May 2006 14:39:33 -0000 Received: (qmail 48702 invoked by uid 500); 8 May 2006 14:39:28 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 48651 invoked by uid 500); 8 May 2006 14:39:28 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 48634 invoked by uid 99); 8 May 2006 14:39:28 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 May 2006 07:39:28 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [80.229.52.226] (HELO asgard.webthing.com) (80.229.52.226) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 May 2006 07:39:27 -0700 Received: from asgard (asgard [192.168.10.2]) by asgard.webthing.com (Postfix) with ESMTP id E7D8264556 for ; Mon, 8 May 2006 15:39:06 +0100 (BST) From: Nick Kew Organization: WebThing Ltd To: dev@httpd.apache.org Subject: Re: Laying undead myths to rest Date: Mon, 8 May 2006 15:39:04 +0100 User-Agent: KMail/1.8.3 References: <200605081317.33582.nick@webthing.com> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200605081539.06111.nick@webthing.com> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N On Monday 08 May 2006 14:25, Joshua Slive wrote: > On 5/8/06, Nick Kew wrote: > > There are a few undead "apache myths" still floating around, > > due to clueless third-party tutorials. I wonder if there's any value > > in countering these zombies with specific notes in our documentation. > > > > Here's an example patch of the kind I have in mind: > > There isn't much hope to fight this sort of thing when it is still the > only recommended configuration in the php docs: If we explain that that's been wrong for 10 years, it might just induce those ****s to fix their documentation. We have other zombies to slay, but thankfully things like misuse are mostly faded, and "htaccess == password protection" has lost much of its force. Magic AddType is out there on its own because we do nothing *active* to counter it, and someone else who is widely assumed to know what they're talking about continues to feed it. -- Nick Kew