Comment 89 for bug 934887

In , Ben-bucksch (ben-bucksch) wrote :

Yeah, sorry for the slanderous tone about mismanagement.

I just want to respond to this:

> Security through obscurity has never been a fantastic idea

This is *not* security through obscurity. I already pointed that out in comment 30. "Security through obscurity" means that you leave security holes open in the hope that nobody will discover them. In other words, obscurity is no *replacement* for security. However, obscurity *can* indeed help as an *added* bonus, everything else being equal. I argue that not openly advertising which security holes you are vulnerable to (given that the UA string decision will not affect user update decisions, i.e. security doesn't change) is an "added bonus".
I also don't think that whether attackers use it today or not is an overriding reason, just that it's possible and would help them avoid unnecessary detection.