On Tue, 25 Jan 2000 00:40:20 -0800 Sam Gendler <sgendler@impossible.com> wrote:

Apache does a perfectly adequate job, using very few resources...

I don't consider a program whose process image is measured in hundreds of K (Apache currently sits just under a Meg per process here) as "resource light", especially when something like thttpd has a process image in the range of 10K or less and can the same task of serving static content equally well if not better.

It is certainly easier to have everything contained within Zope and the server that is front-ending zope.

True, there are always performance tradeoffs.

As for wanting to expose my kernel to the outside world with kernel-httpd (which I assume is an http daemon running in kernel space), I wouldn't even consider it.

I have similar concerns (which is why I don't run it either, tho the code is very clean and well written). I have a second test system that I've been beating on it with however with the side intent to see if I could get it to front Zope at some time (haven't touched that yet). So far it seems to perform admirably.

I don't like leaving even SSH and port 80 open.

That paranoid I'm not. I watch Bugtraq and CERT of course, but I have quite a bit of faith in SSH 1.2.27+ given a build from raw sources with checked signatures and no RSAREF. I have far more concern about arbitrary user logins to a box (there are far more shell-level exploits than network exploits) than SSH itself. -- J C Lawrence Home: claw@kanga.nu ----------(*) Other: coder@kanga.nu --=| A man is as sane as he is dangerous to his environment |=--