Re: vote on concept of ServerTokens Off

2009-09-09 Thread William A. Rowe, Jr.
Jim Jagielski wrote: > Sounds like 3 years have not changed the feelings towards > this. Ideally, we should remove the whole ap_get_server_version/ > ap_get_server_banner re-work as well since, iirc, this was > all to make it easier for this exact type of change. ---1! (whoops, that's zero :) Se

Re: vote on concept of ServerTokens Off

2009-09-09 Thread Jeff Trawick
On Wed, Sep 9, 2009 at 4:07 PM, Jim Jagielski wrote: > Sounds like 3 years have not changed the feelings towards > this. Ideally, we should remove the whole ap_get_server_version/ > ap_get_server_banner re-work as well since, It is generally useful to separate what information we write to arbit

Re: vote on concept of ServerTokens Off

2009-09-09 Thread Jim Jagielski
Sounds like 3 years have not changed the feelings towards this. Ideally, we should remove the whole ap_get_server_version/ ap_get_server_banner re-work as well since, iirc, this was all to make it easier for this exact type of change. In any case, I'll revert as soon as I have some cycles.

Re: vote on concept of ServerTokens Off

2009-09-09 Thread William A. Rowe, Jr.
Lars Eilebrecht wrote: > > My apologies for not responding earlier, but I was busy moving from > Munich to London last week ... Understandable, congratulations on what I hope was a successful move, thanks for responding today. > As far as I remember, Mads Toftum also voted with a -1. Yes; altho

Re: vote on concept of ServerTokens Off

2009-09-09 Thread Jeff Trawick
On Wed, Sep 9, 2009 at 5:39 AM, Lars Eilebrecht wrote: > William A. Rowe, Jr. wrote: > > > Except that in this case, between Lars offer to "ignore" his vote/veto, > and > > the fact that he hasn't responded in 21 months (I also emailed him > directly > > last week to ensure he made note of this t

Re: vote on concept of ServerTokens Off

2009-09-09 Thread Lars Eilebrecht
William A. Rowe, Jr. wrote: > Except that in this case, between Lars offer to "ignore" his vote/veto, and > the fact that he hasn't responded in 21 months (I also emailed him directly > last week to ensure he made note of this thread), he apparently does not > feel strongly enough to either confir

Re: vote on concept of ServerTokens Off

2009-09-09 Thread Guenter Knauf
William A. Rowe, Jr. wrote: > Guenter, please confirm if you are casting a veto, or in light of this > earlier discussion and rationale, you are just expressing your standing > distaste for the patch (which is -0)? -0 Gün.

Re: vote on concept of ServerTokens Off

2009-09-08 Thread Issac Goldstand
William A. Rowe, Jr. wrote: > > Guenter, please confirm if you are casting a veto, or in light of > this earlier discussion and rationale, you are just expressing your > standing distaste for the patch (which is -0)? For the record, I also agree with

Re: vote on concept of ServerTokens Off

2009-09-08 Thread William A. Rowe, Jr.
William A. Rowe, Jr. wrote: > Guenter Knauf wrote: >> Hi, >> William A. Rowe, Jr. wrote: >>> Jim Jagielski wrote: Lars Eilebrecht wrote: > According to Jeff: > >> A lot of opinions were offered back in August. Some were negative but >> I don't see anything that looks like a

Re: vote on concept of ServerTokens Off

2009-09-02 Thread William A. Rowe, Jr.
Guenter Knauf wrote: > Hi, > William A. Rowe, Jr. wrote: >> Jim Jagielski wrote: >>> Lars Eilebrecht wrote: According to Jeff: > A lot of opinions were offered back in August. Some were negative but > I don't see anything that looks like a veto. I voted -1 at that time whi

Re: vote on concept of ServerTokens Off

2009-09-02 Thread Issac Goldstand
Guenter Knauf wrote: > [snip] > Finally, I would even like to suggest something opposite: let the > user/admin add a configurable ServerToken with something like > AddServerToken "String"; I have already years ago hacked such a module > which is very useful in load balance environments in order to

Re: vote on concept of ServerTokens Off

2009-09-02 Thread Guenter Knauf
Hi, William A. Rowe, Jr. wrote: > Jim Jagielski wrote: >> Lars Eilebrecht wrote: >>> According to Jeff: >>> A lot of opinions were offered back in August. Some were negative but I don't see anything that looks like a veto. >>> I voted -1 at that time which is a veto. >>> >>> My opinion

Re: [Fwd: Re: vote on concept of ServerTokens Off]

2009-09-02 Thread Jorge Schrauwen
point for documenting ServerTokens Off. > > > ---- Original Message ---- > Subject: Re: vote on concept of ServerTokens Off > Date: Wed, 6 Dec 2006 13:43:49 -0500 > From: Jeff Trawick > Reply-To: dev@httpd.apache.org > To: dev@httpd.apache.org > References: <20061206

[Fwd: Re: vote on concept of ServerTokens Off]

2009-09-01 Thread William A. Rowe, Jr.
Why attach email doesn't work in thunderbird is beyond me... This was Jeff's starting point for documenting ServerTokens Off. Original Message Subject: Re: vote on concept of ServerTokens Off Date: Wed, 6 Dec 2006 13:43:49 -0500 From: Jeff Trawick Rep

Re: vote on concept of ServerTokens Off

2009-09-01 Thread William A. Rowe, Jr.
Jim Jagielski wrote: > Lars Eilebrecht wrote: >> According to Jeff: >> >>> A lot of opinions were offered back in August. Some were negative but >>> I don't see anything that looks like a veto. >> I voted -1 at that time which is a veto. >> >> My opinion hasn't changed and I still think that it is

Re: vote on concept of ServerTokens Off

2009-09-01 Thread William A. Rowe, Jr.
Ruediger Pluem wrote: > > On 12/05/2006 07:16 PM, Jim Jagielski wrote: >> On Dec 5, 2006, at 7:23 AM, Joe Orton wrote: >> >>> On Tue, Dec 05, 2006 at 06:39:30AM -0500, Jeff Trawick wrote: >>> A lot of opinions were offered back in August. Some were negative but I don't see anything tha

Re: vote on concept of ServerTokens Off

2006-12-07 Thread Maxime Petazzoni
-0 here. I don't see the point of earning 20 bytes per request when you can save many more with mod_deflate or tidying the output. It's not the job of the webserver. I won't veto it since you might find a use to this feature if it is implemented, but it's like you also want to let admins personali

Re: vote on concept of ServerTokens Off

2006-12-07 Thread Mathieu CARBONNEAUX
Hi, what is the difference between no header and Header = "Server: Apache" without version, with the "prod" arg of ServerTokens... if it is to hide the Apache version only, there is no need to modify the ServerTokens directive... if it is to hide Apache completely, OK... it's another problem... but a security level I'm not sure

Re: vote on concept of ServerTokens Off

2006-12-07 Thread Jeff Trawick
On 12/6/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote: On Wed 2006-12-06 at 09:38 -0500, Jeff Trawick wrote: > Why other than ego do we want to make it hard to disable this output? Technical reason: Not advertising the brand and version makes it very hard for clients (user-agents and proxies

Re: vote on concept of ServerTokens Off

2006-12-07 Thread Jeff Trawick
On 12/6/06, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote: Jim Jagielski wrote: >> >> *shrug* but as everyone seems to think that this is a good idea, >> feel free to ignore my veto. >> > > A Veto is a Veto. If you feel strongly enough about it, then > it cannot be, and should not be, ignored.

Re: vote on concept of ServerTokens Off

2006-12-07 Thread Jeff Trawick
On 12/6/06, Colm MacCarthaigh <[EMAIL PROTECTED]> wrote: On Wed, Dec 06, 2006 at 01:43:49PM -0500, Jeff Trawick wrote: > * The Apache HTTP Server project believes that most people who want to > avoid sending the Server header mistakenly think that doing so may > protect their server from attacks

Re: vote on concept of ServerTokens Off

2006-12-06 Thread William A. Rowe, Jr.
Jim Jagielski wrote: >> >> *shrug* but as everyone seems to think that this is a good idea, >> feel free to ignore my veto. >> > > A Veto is a Veto. If you feel strongly enough about it, then > it cannot be, and should not be, ignored. /agree - I cast a -0 because I don't like it, don't think we

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Colm MacCarthaigh
On Wed, Dec 06, 2006 at 01:43:49PM -0500, Jeff Trawick wrote: > * The Apache HTTP Server project believes that most people who want to > avoid sending the Server header mistakenly think that doing so may > protect their server from attacks based on known flaws in older Apache > HTTPD releases, when

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Henrik Nordstrom
On Wed 2006-12-06 at 09:38 -0500, Jeff Trawick wrote: > Why other than ego do we want to make it hard to disable this output? Technical reason: Not advertising the brand and version makes it very hard for clients (user-agents and proxies) to apply workarounds when needed. As an example Squid

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jorge Schrauwen
On 12/6/06, Jeff Trawick <[EMAIL PROTECTED]> wrote: On 12/6/06, Paul Querna <[EMAIL PROTECTED]> wrote: > This thread is making me sad. No tears ;) The somewhat bright side is that pushing on this tender spot until it hurts should at the very least avoid having the same discussion here for the

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jeff Trawick
On 12/6/06, Paul Querna <[EMAIL PROTECTED]> wrote: This thread is making me sad. No tears ;) The somewhat bright side is that pushing on this tender spot until it hurts should at the very least avoid having the same discussion here for the next couple of years, and at the most can avoid a lot

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Paul Querna
Joshua Slive wrote: > On 12/6/06, Jeff Trawick <[EMAIL PROTECTED]> wrote: > >> We're up to two great answers to disable some output from the server >> that isn't required by the HTTP protocol anyway: >> >> 1) modify the source >> 2) install third-party module > > My support for the idea has nothi

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Darryl Miles
Jeff Trawick wrote: I know... that's why I asked :) We're up to two great answers to disable some output from the server that isn't required by the HTTP protocol anyway: 1) modify the source 2) install third-party module ROFL. Please add to the list: 3) Start a new apache-httpd fork. "apa

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jeff Trawick
On 12/5/06, Jeff Trawick <[EMAIL PROTECTED]> wrote: A lot of opinions were offered back in August. Some were negative but I don't see anything that looks like a veto. Why do I care personally? I'd like to see an easy resolution to the common support question which doesn't involve recompiling

AW: vote on concept of ServerTokens Off

2006-12-06 Thread Plüm , Rüdiger , VF EITO
> -Original Message- > From: Mads Toftum > Sent: Wednesday, 6 December 2006 15:50 > To: dev@httpd.apache.org > Subject: Re: vote on concept of ServerTokens Off > > > On Wed, Dec 06, 2006 at 03:45:54PM +0100, Lars Eilebrecht wrote: > > So, is th

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Joshua Slive
On 12/6/06, Jeff Trawick <[EMAIL PROTECTED]> wrote: We're up to two great answers to disable some output from the server that isn't required by the HTTP protocol anyway: 1) modify the source 2) install third-party module My support for the idea has nothing to do with improving the operation o

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Mads Toftum
On Wed, Dec 06, 2006 at 03:45:54PM +0100, Lars Eilebrecht wrote: > So, is that a -1 or -0? > A peanut gallery -1. I feel very strongly about pretending to implement security measures that do not help one bit. vh Mads Toftum -- http://soulfood.dk

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Lars Eilebrecht
According to Mads: > On Wed, Dec 06, 2006 at 01:30:26PM +0100, Lars Eilebrecht wrote: > > I voted -1 at that time which is a veto. > > > > My opinion hasn't changed and I still think that it is a very > > stupid idea to add a "feature" that allows our users to do > > something which is stupid and

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jeff Trawick
On 12/6/06, Justin Erenkrantz <[EMAIL PROTECTED]> wrote: On 12/6/06, Jeff Trawick <[EMAIL PROTECTED]> wrote: > We're up to two great answers to disable some output from the server > that isn't required by the HTTP protocol anyway: > > 1) modify the source > 2) install third-party module So, uh,

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jim Jagielski
Jeff Trawick wrote: > > We're up to two great answers to disable some output from the server > that isn't required by the HTTP protocol anyway: > > 1) modify the source > 2) install third-party module > Well, as you recall, I voted +1 on the patch. My concern is that others have concerns (and t

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jeff Trawick
On 12/6/06, Lars Eilebrecht <[EMAIL PROTECTED]> wrote: According to Jeff: > A lot of opinions were offered back in August. Some were negative but > I don't see anything that looks like a veto. I voted -1 at that time which is a veto. oops, I didn't read all your messages --veto-

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Justin Erenkrantz
On 12/6/06, Jeff Trawick <[EMAIL PROTECTED]> wrote: We're up to two great answers to disable some output from the server that isn't required by the HTTP protocol anyway: 1) modify the source 2) install third-party module So, uh, why do we need to make it even easier for them? -- justin

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jeff Trawick
On 12/6/06, Jim Jagielski <[EMAIL PROTECTED]> wrote: Jorge Schrauwen wrote: > > On 12/6/06, Jim Jagielski <[EMAIL PROTECTED]> wrote: > > > > Joe Orton wrote: > > > > > > The motivation given by the submitter was that he pays per byte served, > > > it seems entirely reasonable to allow the Server

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Justin Erenkrantz
On 12/6/06, Joe Orton <[EMAIL PROTECTED]> wrote: The motivation given by the submitter was that he pays per byte served, it seems entirely reasonable to allow the Server header to be disabled for such users. And he has the code. If it's that important, he can change the code. (Wanna bet he doe

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jim Jagielski
Jorge Schrauwen wrote: > > On 12/6/06, Jim Jagielski <[EMAIL PROTECTED]> wrote: > > > > Joe Orton wrote: > > > > > > The motivation given by the submitter was that he pays per byte served, > > > it seems entirely reasonable to allow the Server header to be disabled > > > for such users. > > > > Ca

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jorge Schrauwen
On 12/6/06, Jim Jagielski <[EMAIL PROTECTED]> wrote: Joe Orton wrote: > > On Wed, Dec 06, 2006 at 01:30:26PM +0100, Lars Eilebrecht wrote: > > According to Jeff: > > > > > A lot of opinions were offered back in August. Some were negative but > > > I don't see anything that looks like a veto. >

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Mads Toftum
On Wed, Dec 06, 2006 at 01:30:26PM +0100, Lars Eilebrecht wrote: > I voted -1 at that time which is a veto. > > My opinion hasn't changed and I still think that it is a very > stupid idea to add a "feature" that allows our users to do > something which is stupid and absurd. > I agree. vh Mads T

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jim Jagielski
Joe Orton wrote: > > On Wed, Dec 06, 2006 at 01:30:26PM +0100, Lars Eilebrecht wrote: > > According to Jeff: > > > > > A lot of opinions were offered back in August. Some were negative but > > > I don't see anything that looks like a veto. > > > > I voted -1 at that time which is a veto. > > >

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Joe Orton
On Wed, Dec 06, 2006 at 01:30:26PM +0100, Lars Eilebrecht wrote: > According to Jeff: > > > A lot of opinions were offered back in August. Some were negative but > > I don't see anything that looks like a veto. > > I voted -1 at that time which is a veto. > > My opinion hasn't changed and I sti

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Jim Jagielski
Lars Eilebrecht wrote: > > According to Jeff: > > > A lot of opinions were offered back in August. Some were negative but > > I don't see anything that looks like a veto. > > I voted -1 at that time which is a veto. > > My opinion hasn't changed and I still think that it is a very > stupid ide

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Nick Kew
On Wed, 6 Dec 2006 13:30:26 +0100 Lars Eilebrecht <[EMAIL PROTECTED]> wrote: > According to Jeff: > > > A lot of opinions were offered back in August. Some were negative > > but I don't see anything that looks like a veto. > > I voted -1 at that time which is a veto. > > My opinion hasn't chan

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Lars Eilebrecht
According to Jeff: > A lot of opinions were offered back in August. Some were negative but > I don't see anything that looks like a veto. I voted -1 at that time which is a veto. My opinion hasn't changed and I still think that it is a very stupid idea to add a "feature" that allows our users t

Re: vote on concept of ServerTokens Off

2006-12-06 Thread Plüm , Rüdiger , VF EITO
> -Original Message- > From: Jeff Trawick > Sent: Wednesday, 6 December 2006 04:17 > To: dev@httpd.apache.org > Subject: Re: vote on concept of ServerTokens Off > > > On 12/5/06, Ruediger Pluem <[EMAIL PROTECTED]> wrote: > > > &g

Re: vote on concept of ServerTokens Off

2006-12-05 Thread Jeff Trawick
On 12/5/06, Ruediger Pluem <[EMAIL PROTECTED]> wrote: On 12/05/2006 07:16 PM, Jim Jagielski wrote: > > On Dec 5, 2006, at 7:23 AM, Joe Orton wrote: > >> On Tue, Dec 05, 2006 at 06:39:30AM -0500, Jeff Trawick wrote: >> >>> A lot of opinions were offered back in August. Some were negative but >

Re: vote on concept of ServerTokens Off

2006-12-05 Thread Ruediger Pluem
On 12/05/2006 07:16 PM, Jim Jagielski wrote: > > On Dec 5, 2006, at 7:23 AM, Joe Orton wrote: > >> On Tue, Dec 05, 2006 at 06:39:30AM -0500, Jeff Trawick wrote: >> >>> A lot of opinions were offered back in August. Some were negative but >>> I don't see anything that looks like a veto. >>> >>

Re: vote on concept of ServerTokens Off

2006-12-05 Thread Roy T. Fielding
+1 Roy

Re: vote on concept of ServerTokens Off

2006-12-05 Thread Jeff Trawick
On 12/5/06, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote: Jeff Trawick wrote: > A lot of opinions were offered back in August. Some were negative but > I don't see anything that looks like a veto. > > (http://mail-archives.apache.org/mod_mbox/httpd-dev/200608.mbox/[EMAIL PROTECTED]) > > A con

Re: vote on concept of ServerTokens Off

2006-12-05 Thread Jim Jagielski
On Dec 5, 2006, at 7:23 AM, Joe Orton wrote: On Tue, Dec 05, 2006 at 06:39:30AM -0500, Jeff Trawick wrote: A lot of opinions were offered back in August. Some were negative but I don't see anything that looks like a veto. (http://mail-archives.apache.org/mod_mbox/httpd-dev/200608.mbox/% [

Re: vote on concept of ServerTokens Off

2006-12-05 Thread Bill Stoddard
Jeff Trawick wrote: A lot of opinions were offered back in August. Some were negative but I don't see anything that looks like a veto. (http://mail-archives.apache.org/mod_mbox/httpd-dev/200608.mbox/[EMAIL PROTECTED]) A concern with the logging of server version has since been resolved, but

Re: vote on concept of ServerTokens Off

2006-12-05 Thread William A. Rowe, Jr.
Jeff Trawick wrote: > A lot of opinions were offered back in August. Some were negative but > I don't see anything that looks like a veto. > > (http://mail-archives.apache.org/mod_mbox/httpd-dev/200608.mbox/[EMAIL > PROTECTED]) > > A concern with the logging of server version has since been res

Re: vote on concept of ServerTokens Off

2006-12-05 Thread Joshua Slive
On 12/5/06, Joe Orton <[EMAIL PROTECTED]> wrote: On Tue, Dec 05, 2006 at 06:39:30AM -0500, Jeff Trawick wrote: > A lot of opinions were offered back in August. Some were negative but > I don't see anything that looks like a veto. > > (http://mail-archives.apache.org/mod_mbox/httpd-dev/200608.mbo

Re: vote on concept of ServerTokens Off

2006-12-05 Thread Joe Orton
On Tue, Dec 05, 2006 at 06:39:30AM -0500, Jeff Trawick wrote: > A lot of opinions were offered back in August. Some were negative but > I don't see anything that looks like a veto. > > (http://mail-archives.apache.org/mod_mbox/httpd-dev/200608.mbox/[EMAIL > PROTECTED]) > > A concern with the lo

vote on concept of ServerTokens Off

2006-12-05 Thread Jeff Trawick
A lot of opinions were offered back in August. Some were negative but I don't see anything that looks like a veto. (http://mail-archives.apache.org/mod_mbox/httpd-dev/200608.mbox/[EMAIL PROTECTED]) A concern with the logging of server version has since been resolved, but implementation of the