Forum OpenACS Q&A: Re: aolServer security issues

Posted by Andrew Piskorski on
The specific potential AOLserver security issues above have also been discussed here extensively in the past. Try a search for them for more details, but Don's reply above gives a succinct overview.

Brad, your "Linux geek friend" simply has no idea what he's talking about, apparently willfully so, and is simply spreading FUD. Which is a particularly disreputable thing to see in any self-described "geek", Linux or otherwise.

That said, historically, Jade's "generally patched within a couple hours" opinion of AOLserver security is, well, optimistic. I know Jon Griffin and others had complained about maintainers at AOL ignoring patches in the past, including some security-related patches. But I believe that was all in the Bad Old Days, before last year's changes in AOLserver governance, when fewer non-AOL people had CVS commit access on SourceForge, etc. So things are likely much better now.

And like Don said, even throughout that whole period, AOLserver still appears to have been safer than Apache. So unless you have particularly severe security needs, or are simply academically interested, you are probably safe to simply not worry about it. When the rare AOLserver security problem has been found, it seems to have been discussed pretty quickly here and on the AOLserver list.