On 2010-05-19 at 08:25:31, Ondřej Surý wrote:
> I don't agree with you (however not much strongly). Security by
> obscurity never worked and I am opposed to applying this patch. Hiding
> version makes life harder for everybody else but attacker.

Hi Ondřej,

I certainly agree with you that this is not a real security mechanism; however, why make it easy on the dumb automated scanners?

What do people use these numbers for? I mean sure, developers are the ones who are (occasionally) interested in exact version numbers, but on balance, I get the feeling that in a production environment, the numbers are more likely to be used for nefarious purposes.

In any case, we're talking about the default value; interested developers can probably change them. Personally, as a Debian user, I have the expectation that Debian will choose (slightly) more secure values by default.

Anyways, even though I disagree with this specific default value, I will respect your decision and this bug will be a record that: the option exists and that it has already been reported (I couldn't find one before I filed this one).

Cheers,
Francois