On Tue, 28 Nov 2000, you wrote: > James A Sutherland wrote: > > > > Is there any reason for shipping like this, though? > > Yes. Because the core module can process them, and no additional > modules need be loaded.
If this is a requirement, taking a "snapshot" of the pages would do, then include the source in a tarball. Perhaps better to include a link to a proper installation of the docs, though. > > IMO, enabling them by default would be perfectly reasonable. > > No. Lots of people DO NOT want SSIs enabled, and certainly not > by default. Hrm... Personally, I'd provide a link to thttpd for people wanting a minimal cutdown server which does nothing other than serving files :-) > > It also provides a nice example for new users to see how SSI > > works :-) > > Then let them check out a tutorial. Shipping something with > pre-enabled functionality as far-reaching as SSI, particularly > considering the security ramifications, is not a Good Idea. I wouldn't rate SSI (with NoExec) as "far-reaching"; it seems pretty basic from here. I would almost consider not enabling it to be a bug in the default httpd.conf... At the very least, it should be more obvious (and simpler) to enable. James.