httpd-dev mailing list archives

From Darryl Miles <>
Subject Re: [PATCH 40026] ServerTokens Off
Date Sun, 13 Aug 2006 02:48:47 GMT
Joshua Slive wrote:
> <note>Setting <directive>ServerTokens</directive> to less than
> <code>minimal</code> is not recommended because it makes it more
> difficult to debug interoperational problems.</note>
> And my +1 isn't very strong.  I have no problem with saying that this
> small bit of advertising is the tiny price that you pay for using our
> free software.  But just to make this never-ending issue go away, I'd
> say put it in.

It should also be pointed out in the documentation that those thinking of 
setting it to "Off" for the purpose of security by obscurity (for hiding 
of implementation and version number) should realize that this concept 
has no technical merit in the HTTP server situation.  Call this an 
education clause in the documentation which may head off inappropriate 
usage by less clueful users.

With regards to "the price that you pay ..." I take it that you are 
reading it from the karma equalization policy not in any legal policy 
since one of the fundamental points of the Apache Foundation is that 
advertisement is not one of the prices you pay.

