paul dansing wrote:
lighttpd just fixed a remote hole (case insensitive file systems) in
the CURRENT VERSION!
Does this inspire confidence? I mean for fck sake, the version just
before they fixed %00 append bug! Next thing they will discover
directory traversal. o_O YEAH, yeah I want this FINE PIECE OF
SOFTWARE running on my production servers. Bummer too, because the
hype had it sounded pretty cool until I realized how recent those
remote holes were :(
I didn't put a judgment on the quality of the software, but it is not as
bad as you want to make it look like, plus you would be surprise how
many developers are running it anyway.
If it ever make it to the default install, don't you think there would
be a nice audit on it first? I am not putting it down, I simply stated
the BSD license oppose to the new more restrictive Apache to answer the
question, that's all.
In the end, I fully trust that if anyone from the project put it in,
they will have looked at the implications of it and I fully trust their
judgments!
I have to say, if Apache would ever be release, I would love to see the
replacement be part of the kernel if you asked me. Benchmark on web
server built in kernel are just amazing!
But again, I am not talking for the project, nor would I pretend to know
what they would do either!
I was only answering the question at the risk of been flame doing so as
this was beat up to death many times in the archive.
Peace...
