Re: Web application licenses

To: debian-legal@lists.debian.org
Subject: Re: Web application licenses
From: Edmund GRIMLEY EVANS <edmundo@rano.org>
Date: Tue, 3 Aug 2004 09:40:12 +0100
Message-id: <[🔎] 20040803084012.DA0l+0.aG2Jtn@rano.org>
In-reply-to: <[🔎] 410F211F.5010107@verizon.net>
References: <4109C998.9010209@verizon.net> <20040730.072639.41633267.wlandry@ucsd.edu> <410A6D20.8000108@verizon.net> <20040730.135915.07648326.wlandry@ucsd.edu> <410ABB3A.1080304@verizon.net> <[🔎] 874qnl4jf4.fsf@aule.evenmere.org> <[🔎] 410F211F.5010107@verizon.net>

Josh Triplett <josh.trip@verizon.net>:

> > But standard advice on network security is *not* to advertise specific
> > banners.  I don't think much of that advice, but I sure do see a lot
> > of it.  Is it free to make this kind of requirement of users of the
> > software, that they ignore good security practice?
> 
> If your network would be insecure if someone knew the versions of
> software you run, then your network is insecure.

Security isn't just a binary quality. In particular, you should worry
about someone (or a worm) using a search engine or scan of IP
addresses to find vulnerable machines. So, if you do advertise your
software version on a web page, it's probably helpful to tell Google,
etc not to index that page, and if you put the information in a form
that makes it harder to automatically query, that might help, too.

Reply to:

Follow-Ups:
- Re: Web application licenses
  - From: Raul Miller <moth@debian.org>

References:
- Re: Web application licenses
  - From: Brian Thomas Sniffen <bts@alum.mit.edu>
- Re: Web application licenses
  - From: Josh Triplett <josh.trip@verizon.net>

Prev by Date: Re: Free non-software stuff and what does it mean. [was Re: General Resolution: Force AMD64 into Sarge]
Next by Date: Re: Web application licenses
Previous by thread: Re: Web application licenses
Next by thread: Re: Web application licenses
Index(es):
- Date
- Thread