httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregg L. Smith" <>
Subject Re: svn commit: r808965 - signature spam and an existing restriction
Date Tue, 01 Sep 2009 19:38:54 GMT
Hi Devs,

A vote of mine does not count but I think I am leaning on a -1 here for 
a couple reasons.

1. in ap_release.h you have placed a restriction on just this sort of thing;

  * "Product tokens should be short and to the point -- use of them for
  * advertizing or other non-essential information is explicitly forbidden."

Granted, if someone wanted to, there is not much you can really do about 
it. What I might find as useful information you might just as well deem 
non-essential. BTW, advertising and essential are misspelled. Does 
handing the user a set of keys to do just this now negate this 
restriction or if it is still of concern, should this be added into the 

2. with mod_security this can already be done with the use of the 
SecServerSignature directive.

3. Not that Netcraft is a scientifically sound survey, I'd still hate to 
see Apache jump off the cliff.

Just a sampling of random thoughts I had when I saw this.

Gregg wrote:
> Author: jim
> Date: Fri Aug 28 17:37:12 2009
> New Revision: 808965
> URL:
> Log:
> And additional ServerTokens improvement...
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/docs/manual/mod/core.xml
>     httpd/httpd/trunk/server/core.c

View raw message