> On Fri, 12 Mar 2010 16:05 -0700, "Bob Beck" <[email protected]> wrote: > > On 12 March 2010 12:53, Brad Tilley <[email protected]> wrote: > > > On Fri, 12 Mar 2010 10:10 -0800, "patrick keshishian" > > > <[email protected]> wrote: > > >> does disabling this option /really/ improve security? > > > > > > No, not unless you consider keeping files that are > > > inappropriately/accidentally copied to these directories a security > > > issue. It seems inline with OpenBSD's off by default posture, that is > > > the only reason I suggested it. > > > > It *IS* off by default. I have yet to see an OpenBSD machine that I > > can install that > > will come up with httpd turned on. > > We are not talking about the same thing. I understand that httpd is off > by default. The *option* is on by default in the config file.
I disagree strongly.
