Re: svn commit: r40009 - branches/1.6.x

From: Mark Phippard <markphip_at_gmail.com>
Date: Wed, 14 Oct 2009 12:56:53 -0400

On Wed, Oct 14, 2009 at 12:48 PM, Greg Stein <gstein_at_gmail.com> wrote:
> On Wed, Oct 14, 2009 at 09:32, Mark Phippard <markphip_at_gmail.com> wrote:
>> Some would also call it a security fix.
>
> Anybody that calls this a "security fix" needs to be permanently removed
> from handling the security of their server.

There are plenty of users that have to pass security audits that
consider any server application that advertises its version as at
least violating a best practice. In this case, the US Government is
asking for this as part of deploying Subversion on government servers.

I have no interest in debating the merits of this. Apache httpd
obviously considered it valid when they added a directive to turn this
off. If a server admin is using this directive, it seems reasonable
for Subversion to not overtly advertise its version number.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2407644
Received on 2009-10-14 18:57:07 CEST

This is an archived mail posted to the Subversion Dev mailing list.