On Sep 13, 2012 7:48 AM, "Eric Covener" <covener@gmail.com> wrote:
>
> On Sat, Aug 11, 2012 at 3:51 AM,  <fielding@apache.org> wrote:
> > Author: fielding
> > Date: Sat Aug 11 07:51:52 2012
> > New Revision: 1371878
> >
> > URL: http://svn.apache.org/viewvc?rev=1371878&view=rev
> > Log:
> > Apache does not tolerate deliberate abuse of open standards
>
> I've come around on this one over time.  While I appreciate the
> message/intent, I don't think this is reasonable for the default
> configuration because it errs on the side of ditching a privacy header
> and information loss for a (sensitive) header that we're not yet
> interpreting.  IMO it's enough even without this specific DNT text:
>
> "An HTTP intermediary must not add, delete, or modify the DNT header
> field in requests forwarded through that intermediary unless that
> intermediary has been specifically installed or configured to do so by
> the user making the requests. For example, an Internet Service
> Provider must not inject DNT: 1 on behalf of all of their users who
> have not selected a choice."
>
> I'd like to revert it, but this is not yet a veto.  I'd like to hear
> what others think and would appreciate an ACK from Roy/Greg/Jim who
> voted for the backport to avoid any churn.

Microsoft is putting their users at risk, not us. I believe the change should remain.