>> It *IS* off by default. I have yet to see an OpenBSD machine that I >> can install that >> will come up with httpd turned on. > > We are not talking about the same thing. I understand that httpd is off > by default. The *option* is on by default in the config file. >
Yes we are, while we are at it we can ship an http.conf file that wil only listen on port 8000 on localhost when the daemon comes up as well, and that would be super obscure as well, and it would only read index files ending in .HolyFuck, and we'd ship a mime types where HolyFuck was html, so people accidentally didn't put html files in there without changing the mime types, etc etc. etc. We could make it where a user would have to change 15 files in order to make the thing come up listening on port 80 and just serve index.html. And would you have improved anyone's security? absolutely not - you'd have made a turdshining change that makes it more difficult to use, makes people have to change more stuff to make it useful when they are *not* being stupid. You'd have also decresed security - why? You'd have made it where more people simply install a full featured and full blown default configuration of apache2 or worse on the system rather than make those 15 little tweaks to turn everything on. Off is off. don't make it where you have to turn 80000 knobs to turn something on. because you wanted it "more off".
