On Sep 13, 2012 7:48 AM, "Eric Covener" <cove...@gmail.com> wrote: > > On Sat, Aug 11, 2012 at 3:51 AM, <field...@apache.org> wrote: > > Author: fielding > > Date: Sat Aug 11 07:51:52 2012 > > New Revision: 1371878 > > > > URL: http://svn.apache.org/viewvc?rev=1371878&view=rev > > Log: > > Apache does not tolerate deliberate abuse of open standards > > I've come around on this one over time. While I appreciate the > message/intent, I don't think this is reasonable for the default > configuration because it errs on the side of ditching a privacy header > and information loss for a (sensitive) header that we're not yet > interpreting. IMO it's enough even without this specific DNT text: > > "An HTTP intermediary must not add, delete, or modify the DNT header > field in requests forwarded through that intermediary unless that > intermediary has been specifically installed or configured to do so by > the user making the requests. For example, an Internet Service > Provider must not inject DNT: 1 on behalf of all of their users who > have not selected a choice." > > I'd like to revert it, but this is not yet a veto. I'd like to hear > what others think and would appreciate an ACK from Roy/Greg/Jim who > voted for the backport to avoid any churn.
Microsoft is putting their users at risk, not us. I believe the change should remain.