Le vendredi 24 octobre 2008 à 12:53 -0400, David Zeuthen a écrit : > As I said, it's clear to me that Apache does meet our goals here. If you > want to propose something else, the burden is on you to provide evidence > that what you propose is not only reasonably secure, but also have good > processes in place for dealing with vulnerabilities. The last times it happened, it seemed to me that lighttpd developers have good processes when it comes to security. One other thing to consider wrt. security is the code size, and apache binaries are about twice as large. There are of course other advantages with using lighttpd, such as less memory footprint, better performance and a much more flexible configuration scheme; it may not be necessary for gnome-user-share, but it’s much less error-prone and that’s another possible cause of bugs. Contrary to what the name suggest, lighttpd is not just a lightweight web server, it is a powerful and complete implementation used by some of the biggest websites. > (FWIW, I don't mean to belittle libsoup-as-a-server (my understanding is > that libsoup is mostly used as a client so that's where the focus is) Currently, the only HTTP-serving application we ship by default with GNOME in Debian is rhythmbox, and it uses libsoup. Just like with other things, we’d like to avoid multiplying the implementations. The simple, GObject-oriented API makes it a very good candidate for other desktop-oriented applications; the issue at hand is DAV support. Cheers, -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `- our own. Resistance is futile.
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=