Re: Web application licenses
On Mon, Aug 02, 2004 at 10:22:39PM -0700, Josh Triplett wrote:
> > But standard advice on network security is *not* to advertise specific
> > banners. I don't think much of that advice, but I sure do see a lot
> > of it. Is it free to make this kind of requirement of users of the
> > software, that they ignore good security practice?
>
> If your network would be insecure if someone knew the versions of
> software you run, then your network is insecure.

In practice, you're both right: security by obscurity, alone, isn't secure,
but in practice it's a very real gain to not advertise immediately what
your set of bugs are--if it gives you five more minutes to respond to a
security advisory, then it's a win.

I won't overgeneralize; some free licenses do place restrictions on
security-related decisions (the GPL prevents me from adding some
security-related features and not releasing the source for the above
reason), but I don't think it's a good thing in general. I should decide
my security philosophy, not anyone else.

--
Glenn Maynard