2015-05-11 11:56 GMT+03:00 Mark Thomas ma...@apache.org:
On 08/05/2015 23:49, Rémy Maucherat wrote:
2015-05-08 21:14 GMT+02:00 Mark Thomas ma...@apache.org:
I'd like to back-port this but before I do I'd like to hear other
people's views on the following?
- Should it be back-ported to 8.0.x
On 11/05/2015 14:05, Rémy Maucherat wrote:
2015-05-11 14:28 GMT+02:00 Mark Thomas ma...@apache.org:
Which features are you thinking of and are you suggesting they should be
enabled as well?
I vote not enabled :) I'm not a big fan of these security features
usually (just like when my
On 08/05/2015 23:49, Rémy Maucherat wrote:
2015-05-08 21:14 GMT+02:00 Mark Thomas ma...@apache.org:
I'd like to back-port this but before I do I'd like to hear other
people's views on the following?
- Should it be back-ported to 8.0.x
- Should it be enabled by default
- Should it be
On 11/05/2015 13:13, Rémy Maucherat wrote:
2015-05-11 10:56 GMT+02:00 Mark Thomas ma...@apache.org:
The catalyst for work this was reading RFC 7525 [1]. That got me
thinking about similar headers.
In [1] HSTS support is a MUST and using it is a SHOULD. On that basis I
think 9.0.x should
2015-05-11 14:28 GMT+02:00 Mark Thomas ma...@apache.org:
Which features are you thinking of and are you suggesting they should be
enabled as well?
I vote not enabled :) I'm not a big fan of these security features
usually (just like when my browser decides I am stupid and must reject
fake
2015-05-11 10:56 GMT+02:00 Mark Thomas ma...@apache.org:
The catalyst for work this was reading RFC 7525 [1]. That got me
thinking about similar headers.
In [1] HSTS support is a MUST and using it is a SHOULD. On that basis I
think 9.0.x should use it by default unless there is a really good
I'd like to back-port this but before I do I'd like to hear other
people's views on the following?
- Should it be back-ported to 8.0.x
- Should it be enabled by default
- Should it be back-ported to 7.0.x
- Should it be enabled by default
- Should it be back-ported to 6.0.x
- Should it be
2015-05-08 21:14 GMT+02:00 Mark Thomas ma...@apache.org:
I'd like to back-port this but before I do I'd like to hear other
people's views on the following?
- Should it be back-ported to 8.0.x
- Should it be enabled by default
- Should it be back-ported to 7.0.x
- Should it be enabled