[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    Re: [PATCH 2/4] httpd: Don't add Date header to response
From:       Guillermo Rodriguez Garcia <guille.rodriguez () gmail ! com>
Date:       2020-09-01 10:24:08
Message-ID: CABDcavYb+-BO0UAXo+Eiwxm6---pq2caLLhK-LF+S25MnaV2Lw () mail ! gmail ! com
[Download RAW message or body]

Hi Sergey,

I think you are missing my point.
What I provided are examples only. You looked at these and concluded
that this specific case was due to ISPs disabling NTP a few years ago,
and also concluded that this only affected a "small amount of users"
(not sure how you reached this conclusion) and thus "we are safe
here".

But that is not the point. The point is that since the Date header is
mandated by the RFC, clients may (rightfully) rely on it being there,
and may be using it in ways that you are not aware of. Your initial
analysis where the Date header is "only useful for caching" is
incomplete. Regardless of what was the initial rationale for including
this header, the fact is that you do not (and cannot) know how people
may actually be using it.

I think disabling this is a bad idea. Regarding this:

> Anyway, the Date header is still compiled by default but those who don't need it may disable it.

Yes but the help text should make it clear that disabling this may
break clients.
The help text you added says that the header is mandatory according to
the RFC, but that "it is almost useless and can be omitted". The
latter statement is not based on facts, but just your personal
opinion.

Guillermo Rodriguez Garcia
guille.rodriguez@gmail.com
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]