Ticket #956 (new defect)

Opened 2 years ago

Insecure file permission on source.

Reported by: sega01ATgmailDOTcom
Assigned to: jan
Priority: normal
Milestone:
Component: core
Version: 1.4.13
Severity: normal
Keywords: source, worldwritable
Cc:
Blocking:
Need Feedback:

Description

I have read lots of reviews on lighttpd, and was thinking of making it the main HTTPD in Zenserver (not released yet, it's based on Zenwalk - a Slackware derivative). I was very disappointed to see that most of the files in the .tar.gz source are world writable. This is a very poor practice: if I put this inside /usr/src/ (or any user-accessible folder for that matter), any user would be able to put a trojan horse inside of the code - and in my case, it would get pushed as an update. I don't have any user accounts on my main development box, but this should really be addressed.

Haven't used it yet, but Lighttpd looks very impressive, keep up the good work!

Thanks, sega01 (Teran Mckinney)
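The check described in this ticket can be run against a source tarball before it is unpacked. The following is an added example, not code from the ticket or from the lighttpd project; the function names and the sample archive (`pkg-0.0/...`) are constructed for illustration.

```python
import io
import stat
import tarfile


def build_sample_tarball() -> bytes:
    """Constructed sample: a tiny .tar.gz with two world-writable members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode in (("pkg-0.0/configure", 0o777),
                           ("pkg-0.0/src/server.c", 0o666),
                           ("pkg-0.0/README", 0o644)):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def world_writable_members(archive: bytes) -> list[tuple[str, str]]:
    """Return (name, octal mode) for every member with the o+w bit set."""
    found = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar:
            # Permission bits on a symlink itself are not enforced; skip them.
            if member.issym():
                continue
            if member.mode & stat.S_IWOTH:
                found.append((member.name, oct(member.mode & 0o7777)))
    return found


def safe_modes(archive: bytes) -> bytes:
    """Repack the archive with group/other write bits cleared (as umask 022 would)."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as src, \
         tarfile.open(fileobj=out, mode="w:gz") as dst:
        for member in src:
            member.mode &= ~(stat.S_IWGRP | stat.S_IWOTH)
            fileobj = src.extractfile(member) if member.isreg() else None
            dst.addfile(member, fileobj)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_tarball()
    for name, mode in world_writable_members(sample):
        print(f"world-writable: {mode} {name}")
    print("after repack:", world_writable_members(safe_modes(sample)))
```

GNU tar preserves archived modes by default when run as root, so archived `o+w` bits reach the disk unchanged in that case; `--no-same-permissions` applies the umask instead.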
