You know that you can un-set the generator in template:

<?php $this->setGenerator(null); ?>

I believe that this option would be in the global settings of joomla

Personally, I'd say the generator tag is the least of my concerns as far as security goes. Identifying Joomla sites is rather easy without the generator tag. Just off hand:

• HTTP request to <site>/administrator/manifests/files/joomla.xml or any known XML file path (that can get you a version number if access is allowed)
• Parse the rendered HTML of a site and look for /media/jui, /media/system, or JCaption (common media elements included in a page's markup)
• Check if /images/sampledata exists (folder with sample data imagery in the default install)

This discussion has come up a few times with opinions leaning both ways. At the end of the day though, as noted above, it's easy to remove the tag if you really don't want it on your site.

With all that said, I am also closing this pull request as it is invalid (there is no code being offered by the original poster, but rather this is a PR merging our 3.3 branch to staging). If you would like to contribute code for this, you are welcome to do so, or you can raise a new discussion on the CMS Mailing List.