[PATCH 2/4] httpd: Don't add Date header to response
Guillermo Rodriguez Garcia
guille.rodriguez at gmail.com
Tue Sep 1 10:24:08 UTC 2020
Hi Sergey,
I think you are missing my point.
What I provided are examples only. You looked at these and concluded
that this specific case was due to ISPs disabling NTP a few years ago,
and also concluded that this only affected a "small amount of users"
(not sure how you reached this conclusion) and thus "we are safe
here".
But that is not the point. The point is that since the Date header is
mandated by the RFC, clients may (rightfully) rely on it being there,
and may be using it in ways that you are not aware of. Your initial
analysis where the Date header is "only useful for caching" is
incomplete. Regardless of what was the initial rationale for including
this header, the fact is that you do not (and cannot) know how people
may actually be using it.
I think disabling this is a bad idea. Regarding this:
> Anyway, the Date header is still compiled by default but those who don't need it may disable it.
Yes but the help text should make it clear that disabling this may
break clients.
The help text you added says that the header is mandatory according to
the RFC, but that "it is almost useless and can be omitted". The
latter statement is not based on facts, but just your personal
opinion.
Guillermo Rodriguez Garcia
guille.rodriguez at gmail.com
More information about the busybox
mailing list