From: Greg Stein <gstein@apache.org>
Date: Tue, 7 May 2002 19:21:49 +0000 (+0000)
Subject: bleh... bad idea.
X-Git-Tag: 2.0.37~457
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e1da88a1dfe604160c426212feb2a3ef6d4c6c6b;p=apache

bleh... bad idea.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95003 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 9705b1c282..b5f64f1508 100644
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2002/05/07 18:22:59 $]
+Last modified at [$Date: 2002/05/07 19:21:49 $]
 
 Release:
 
@@ -88,6 +88,19 @@ CURRENT VOTES:
       to the config. Possibly go one step further and add a option
       to just report '2.0' instead of '2.0.x'
       +1:   IanH, BrianP
+      -1: Greg
+         I use the default response all the time to verify that a
+	 module is present and at the proper version. This information
+	 is also very handy for the module surveys, to determine what
+	 modules are out there and in prevalent use (see
+	 securityspace.com; frickin' JServ is still increasing in
+	 numbers!). Security conscious people can change this on their
+	 own, when required. Removing the information doesn't remove
+	 any future vulnerabilities. Assuming that a vulnerability
+	 occurred, I highly doubt that somebody would actually bother
+	 to *test* the version reported in the response before
+	 attempting to use the vulnerability, so trying to hide the
+	 information isn't all that useful.
 
 RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
     * Get mod_cache/mod_mem_cache out of experimental (still some