I don't see how frequent updates mean insecure software. It often means it's getting better. Everyauth hasn't changed significantly in a year or so. As an example, I get updates for `sudo` every once in a while on my Linux.

On Sunday, 13 January 2013 18:05:41 UTC+1, Harald Hanche-Olsen wrote:
> [quahada <[email protected]> (2013-01-13 06:14:53 UTC)]
>
> > I'm in the process of switching over to passport. Maintenance of passport is
> > much more frequent, so it's a solid long term, production solution.
>
> That's a non sequitur, I think. Mind you, I have no idea how good
> passport is or isn't. But in the security domain, I would worry that
> frequent updates indicate the authors keep finding bugs, and that does
> not inspire confidence. Also, you might wish to audit the code
> yourself if security is important, and that is more work if the code
> keeps getting new updates.
>
> Frequency of updates alone is a bad metric for quality. Infrequent
> updates could mean that the code is solid and bug-free, but it could
> also mean the authors have abandoned it or just don't care.
>
> - Harald
