On Tue, Aug 03, 2004 at 09:40:12AM +0100, Edmund GRIMLEY EVANS wrote: > Security isn't just a binary quality.
[Can't sleep, trying to find something boring enough to fix that. Didn't quite work...] Security is not always the same thing from one person to the next. Ok, sure, some things are fairly obvious for almost everyone (buffer overflows are bad security -- more generally, anything where "what the computer does" is different from "what the responsible person thinks the computer is doing" is bad), but... I'm tempted to bring in Ben Franklin's quote about temporary security. That said, the concept of "http headers must say apache 1.36" is so far out of line from free software that it's almost irrelevant. Even if we somehow allowed a requirement to announce specific information about version, a requirement that the software couldn't be upgraded to some locally defined version would make it non-free. -- Raul