Forum OpenACS Q&A: Re: aolServer security issues

Posted by Andrew Piskorski on
The specific potential AOLserver security issues above have also been discussed here extensively in the past. Try a search for them for more details, but Don's reply above gives a succinct overview.

Brad, your "Linux geek friend" simply has no idea what he's talking about, apparently willfully so, and is simply spreading FUD. Which is a particularly disreputable thing to see in any any self-described "geek", Linux or otherwise.

That said, historically, Jade's "generally patched within a couple hours" opinion of AOLserver security is, well, optimistic. I know Jon Griffin and others had complained about maintainers at AOL ignoring patches in the past, including some security related patches. But I believe that was all in the Bad Old Days, before last years changes in AOLserver governance, when fewer non-AOL people had CVS commit access on SourceForge, etc. So things are likely much better now.

And like Don said, even throughout that whole period, AOLserver still appears to have been safer than Apache. So unless you have particularly severe security needs, or are simply academically interested, you are probably safe to simply not worry about it. When the rare AOLserver security problem has been found it seems to have been discussed pretty quickly here and on the AOLserver list.