Re: Web application licenses
- To: Josh Triplett <josh.trip@verizon.net>
- Cc: debian-legal@lists.debian.org
- Subject: Re: Web application licenses
- From: Brian Thomas Sniffen <bts@alum.mit.edu>
- Date: Mon, 02 Aug 2004 12:02:55 -0400
- Message-id: <[🔎] 874qnl4jf4.fsf@aule.evenmere.org>
- In-reply-to: <410ABB3A.1080304@verizon.net> (Josh Triplett's message of "Fri, 30 Jul 2004 14:18:50 -0700")
- References: <4109C998.9010209@verizon.net> <20040730.072639.41633267.wlandry@ucsd.edu> <410A6D20.8000108@verizon.net> <20040730.135915.07648326.wlandry@ucsd.edu> <410ABB3A.1080304@verizon.net>
Josh Triplett <josh.trip@verizon.net> writes:
> Hmmm, good point. That goes back to the problem regarding Debian not
> keeping old versions around. I had imagined that the user could usually
> just point to their distributor unless they personally changed the
> software, but that doesn't cover the case when that distributor no
> longer distributes.
It also has privacy and security implications. I can't just say "This
is apache, get it from apache.org." I have to say "This is apache
version 1.3.26 with the following plugins..." and I need to do it in a
way accessible to anyone using the software -- even if all I serve
them is a "buzz off, you're unauthenticated" page.
But standard advice on network security is *not* to advertise specific
banners. I don't think much of that advice, but I sure do see a lot
of it. Is it free to make this kind of requirement of users of the
software, that they ignore good security practice?
-Brian
--
Brian Sniffen bts@alum.mit.edu
Reply to: