Rob Nagler wrote:
Matt Sergeant writes:>>of these in POE than Apache. The more eyes, the fewer the defects. > >As someone who has worked on POE, and has a *great* deal of respect for >Rocco, I would really like to see that backed up. I haven't seen any >exploits in POE during my 2 years of using it, neither private nor >public. Got any example exploits, or any CVS changes that fixed an >exploit? (that's all public data) I'm sorry. I didn't mean to impugn anybody's credibility. The data are available that show the more people reviewing code, the more reliable it is.
I would have to agree. I don't know Rocco at all, but the people coding Apache aren't exactly trying to add bugs either. A lack of reported exploits usually means no one is trying, not no one can do it.
I don't think it matters much anyway, since both of them are assumed reasonably secure and source is available if you're feeling paranoid or need to patch something yourself. I'd be more inclined to look at stability, performance, and support for the features my application needs.
- Perrin
