>Here is two messages from Hugo Leisink (Hiawatha developer). You'll >note that the first has a newer date than the later, that's because I >delete it, and I asked Hugo to send it to me again :P > >Thought that his words could be useful.
Only useful if you are trolling. Hilter. Godwin. Done. > >Greetings. > >---------- Forwarded message ---------- >From: Hugo Leisink <[EMAIL PROTECTED]> >Date: Dec 7, 2007 10:02 AM >Subject: Re: Hiawatha >To: Andris <[EMAIL PROTECTED]> > > > >Andris wrote: >> Could you please send your first e-mail to me again? I forgot to save >> it to forward it later :P >> >> Greetings. >> >Sure, here it is: > > >Hi Andres, > >I saw your post about Hiawatha in OpenBSD. I'd like to respond to the >remarks about "Hiawatha's source code is free of security-bugs" on the >Hiawatha website. > >First of all, you have to take a look at the webserver market. You use >Apache, IIS, Lighttpd or you don't use anything at all. If you want >people to use your software, you have to 'beat Goliath'. People use >Apache, because everybody else does, even when Apache is the worse fit >for their purposes. I think Hiawatha has become a really good webserver. >It's faster then Apache, is more secure then Apache and definitly more >easy to configure then Apache. But people don't use it because 'it ain't >Apache'. So, to draw people's attention and to make them at least try >Hiawatha once, I have to make 'dangerous' statements like 'free of >security bugs'. > >Second, the reponses to your message are typical for the OpenBSD >community. It's like they own the word 'security'. Only OpenBSD is >secure, the rest is not. But I guess I don't have to remind you about >http://pwnie-awards.org/winners.html#lamestvendor Yes, Hiawatha has had >bugs too. And guess what, Hiawatha will have bugs in the future. But >none of the found bugs could have been used to take over the webserver >or deface websites. And unless someone proves me wrong, my claim that >"Hiawatha is the most secure webserver" stands. > >greetings, >Hugo > >---------- Forwarded message ---------- >From: Hugo Leisink <[EMAIL PROTECTED]> >Date: Dec 7, 2007 4:33 AM >Subject: Re: Hiawatha >To: Andris <[EMAIL PROTECTED]> > > >Hi Andres >> Hi, thanks for the comments. I have two questions for you: >> >> 1. Would you let me forward this to [EMAIL PROTECTED] >> >I have no problems with that, but I think there will be enough OpenBSD >people not able to have a fair discussion about it (especially after my >second remark). > >> 2. Would you relicense Hiawatha? >> >I will never abandon the GPL license. So if it's possible for a piece of >software to have two licenses, I'm not negative towards using the BSD >license for Hiawatha. But of course, I first have to think about the >consequenses before actually doing so. > >> Even if OpenBSD does not prefer Hiawatha, a project goal still stands: >> "We strive to make our software robust and secure, and encourage >> companies to use whichever pieces they want to." >> >> And, IMHO, it applies to any project which seeks security. >> >I agree. And I think the OpenBSD project has done some really good jobs. >But it's the we-are-untouchable attitude of too many OpenBSD people that >keeps me away from it. I've had some discussions with OpenBSD people >before and too many of them weren't very pleasant. If someone finds a >bad thing in Hiawatha or has some good points about how things can be >done better, I'm the first one to say he's right. But if someone starts >saying that "Hiawatha is insecure and sucks because my coding style >doesn't match his" then the discussion is over for me. And let's be >honest, critizing a piece of software by only looking at it's project >website and not having the guts to even look at the source code, THAT is >'sheer stupidity'. > > >So, yes, I'm willing to talk again with the OpenBSD community. And if >they choose Hiawatha, I will be very proud. And if they don't, I will >try to improve Hiawatha until they do like it. BUT.... not if words like >'sucks', 'crap' and 'sheer stupidity' are being used. So, it's up to the >OpenBSD community. > >greetings, >Hugo
