EC to audit Apache HTTP Server and Keepass

The European Commission is preparing a software source code security audit on two software solutions, Apache HTTP server and Keepass, a password manager. The source code will be analysed and tested for potential security problems, and the results will be shared with the software developers. The audits will start in the coming weeks.

The security test is the next phase in the pilot project, involving the IT departments of both the Commission and the European Parliament.

The choice for Apache HTTP Server and Keepass is the result of a public survey. Between 17 June and 8 July, the EU-FOSSA project asked the public to help select the most appropriate software solution, based on a pre-selection of open source solutions in use at the two European institutes. The survey received 3282 comments, with respondents favouring Keepass and Apache HTTP Server.

joinup.ec.europa.eu/node/153614

glad they picked the right HTTP server and not some web 2.0 meme with broken http2 support

This is cool. Audits cost money, and audits are being done on free software.
The free software was chosen by a vote independent of the people who write the cheques.
That's seriously freaking cool.

Why not Lighttpd or Hiawatha? Even Nginx isn't as bad.

We could have had a Firefox audit. Fuck.

Apache is like 60% of the Web.

So what? That's not the good direction to take. Better make good stuff better than bad stuff less worse.

I can't find who's going to perform the audit. Is it not clear yet?


Who gives a shit about the mess that is HTTP2? It's needlessly complex, didn't fix things that should have been fixed ages ago and only exists because of power politics with Google.


Honestly, auditing Firefox or OpenSSL is a waste of time. The things are fuckhuge and written by irresponsible idiots, an audit ain't gonna fix anything. Linux would have been nice.

Anyone stuck behind a firewall or NAT or other pajeet-built consumer hardware where using a transport like SCTP isn't an option?

What's more important long-term, a 2% improvement in 60% of the web or a 10% improvement in less than 1% of it?

It sure won't change if you retards are trying to keep a corpse alive.

haha yeah right

Nginx doesn't need an audit since it's not a giant old mess like Apache.

that being said I'm glad either way, I'm being genuine here, I think Apache should get an audit if only because of the marketshare.

Nginx doesn't need an audit since it has no features

Just use caddy

I would rather get Firefox or Linux audited than Keepass. In fact, I wonder why the fuck did Keepass, a program with less "weight" than Apache or Linux or Firefox or most of the options written there, with a really simple function that only an utter retard could fuck up, got chosen over shit like MOTHERFUCKING OPENSSL, THE BACKBONE OF MODERN ENCRYPTION.

I am happy with the Apache decision, but really, I doubt KeePass has a big enough userbase to warrant all that attention. It's almost as if they rigged the poll.

OpenSSL already got $50k of pimp money from the Linux Foundation

Keepass is necessary to use when you have more than 10 good passwords.
it's the less retarded alternative to a post-it / plain text / similar passwords.
You only have to remember a good password and all your accounts are safe.

If your passwords + user-names are accessible for a hacker, no security on the application side will protect you.

There is more important shit (open/libre-ssl, linux, BSD ...), but it's more important than you believe.
And it's a start in the good direction.

Apache is the behemoth embedded in everything and it cannot be migrated away from
Hiawatha is a meme and doesn't support jack shit
Nginx is like Hiawatha but as painful to configure as Apache

I use Hiawatha tho because it does everything I need and it's lightweight

Who are you quoting?

Google are pushing it hard, and they have more lobbyists and money than you. Poul-Henning Kamp on why HTTP2 sucks ass:
queue.acm.org/detail.cfm?id=2716278

Nginx has too many features to audit on a single pass.
They could try to buy the pro-version and make it free/libre. Nginx is too good to be crippleware community edition.


that money is better spent migrating to NaCl/libsodium

money down the toilet. polishing a turd. there's a reason libreSSL exists

I for one am glad keepass is finally getting an audit. We can know if it's got holes.

Although to be quite honest this is an EU audit and unlikely to dig up any major security flaws (or if it does they get buried). So would it really have mattered what they chose to audit? I somehow doubt it.