Josh Triplett <[EMAIL PROTECTED]> writes: > Hmmm, good point. That goes back to the problem regarding Debian not > keeping old versions around. I had imagined that the user could usually > just point to their distributor unless they personally changed the > software, but that doesn't cover the case when that distributor no > longer distributes.
It also has privacy and security implications. I can't just say "This is apache, get it from apache.org." I have to say "This is apache version 1.3.26 with the following plugins..." and I need to do it in a way accessible to anyone using the software -- even if all I serve them is a "buzz off, you're unauthenticated" page. But standard advice on network security is *not* to advertise specific banners. I don't think much of that advice, but I sure do see a lot of it. Is it free to make this kind of requirement of users of the software, that they ignore good security practice? -Brian -- Brian Sniffen [EMAIL PROTECTED]
