Well, this is not the case actually. I would ship an _open_ Linotype (yeah, no username/password) and instruct people to protect it using their favourite strategy. This is, after all, what well-behaved Apache applications do: auth belongs to <Directory> or .htaccess.
This is what I do for our webapps on simile.mit.edu and I think it makes perfect sense, but this different from what Ugo was talking about.
-- Stefano.
smime.p7s
Description: S/MIME Cryptographic Signature
