On Sep 13, 2012 7:48 AM, "Eric Covener" <firstname.lastname@example.org> wrote:
> On Sat, Aug 11, 2012 at 3:51 AM, <email@example.com> wrote:
> > Author: fielding
> > Date: Sat Aug 11 07:51:52 2012
> > New Revision: 1371878
> > URL: http://svn.apache.org/viewvc?rev=1371878&view=rev
> > Log:
> > Apache does not tolerate deliberate abuse of open standards
> I've come around on this one over time. While I appreciate the
> message/intent, I don't think this is reasonable for the default
> configuration because it errs on the side of ditching a privacy header
> and information loss for a (sensitive) header that we're not yet
> interpreting. IMO it's enough even without this specific DNT text:
> "An HTTP intermediary must not add, delete, or modify the DNT header
> field in requests forwarded through that intermediary unless that
> intermediary has been specifically installed or configured to do so by
> the user making the requests. For example, an Internet Service
> Provider must not inject DNT: 1 on behalf of all of their users who
> have not selected a choice."
> I'd like to revert it, but this is not yet a veto. I'd like to hear
> what others think and would appreciate an ACK from Roy/Greg/Jim who
> voted for the backport to avoid any churn.
Microsoft is putting their users at risk, not us. I believe the change should remain.