Josh Triplett <[EMAIL PROTECTED]>: > > But standard advice on network security is *not* to advertise specific > > banners. I don't think much of that advice, but I sure do see a lot > > of it. Is it free to make this kind of requirement of users of the > > software, that they ignore good security practice? > > If your network would be insecure if someone knew the versions of > software you run, then your network is insecure.
Security isn't just a binary quality. In particular, you should worry about someone (or a worm) using a search engine or scan of IP addresses to find vulnerable machines. So, if you do advertise your software version on a web page, it's probably helpful to tell Google, etc not to index that page, and if you put the information in a form that makes it harder to automatically query, that might help, too.
