Opa security and bug fixes

Question

I am considering having a look at Opa. While I am comfortable with the usual way of building web applications, the project seems very interesting, and having the client-server communication handled automatically is a real plus.

My only concern is about security. If a new type of attack or vulnerability is discovered, I can usually take precautions myself. What if I develop an Opa application?

I guess MLState will react very promtply to add bug and security fixes, but is this assurance enough? The company is not huge, and they may be under pressure for other things.

Are Opa projecst flexible enough to allow patching security bugs on my own?

Answer 1

one of MLstate employees speaking :). Glad you like the concepts behind Opa. Now on to the question.

Of course we will try our best to address any security vulnerabilities as fast as possible. If you can patch security bugs on your own? Opa is fully open source so nothing stops you from making a fork of the compiler and making your own fixes at your own pace. In which case of course we'd hope you'd send us a patch to be included in the official branch. Does that answer your question?