"Ryan Bloom" <[EMAIL PROTECTED]> wrote:
> 
> 3) I don't believe that we should be adding every possible module to the core
> distribution.  I personally think we should leave the core as minimal as
> possible, and only add more modules if they implement a part of the HTTP spec.

I can't say much, as I'm not a developer of HTTPD, but I tend to share the
feeling with Ryan on this. In the light of the latest security warnings on
Tomcat, adding a single feature (CGI execution), compromised our entire
core... And as Chuck forwarded to the members, it might be worth reading
this <http://www.zdnet.com/zdnn/stories/news/0,4586,2792860,00.html>.

Adding features to the core, unless they're absolutely 100% safe and 100%
needed is, IMVVVVVVVVVVVHO, not a very good idea...

Just my 2c

    Pier (watching the Star Trek marathon on Sky-1)

Reply via email to