Re: php vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: php vulnerabilities
From: Michael Stone <mstone@debian.org>
Date: Mon, 27 Dec 2004 20:25:59 -0500
Message-id: <[🔎] 20041228012559.GY14026@mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] E1Chb1w-0007DN-00@calista.eckenfels.6bone.ka-ip.net>
References: <[🔎] 877jn83h3j.fsf@deneb.enyo.de> <[🔎] E1Chb1w-0007DN-00@calista.eckenfels.6bone.ka-ip.net>

On Thu, Dec 23, 2004 at 11:01:56PM +0100, Bernd Eckenfels wrote:

In article <[🔎] 877jn83h3j.fsf@deneb.enyo.de> you wrote:

IOW, the soaking period is required.


But we don't hide Bugs. And given the voluntary  nature of Debian a lot of
fixes just wont happen before the velnerability is widely known, anyway.
Just see the current samba problem.


Who said anything about hiding something? Reread his message.

And besides the openssh disaster I dont see many destructive security
patches, especially not with debians conservative backporting strategy.


Dude, are you reading the thread at all? The backporting is the question
at hand.

Mike Stone

Reply to:

References:
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: php vulnerabilities
  - From: Bernd Eckenfels <ecki-news2004-05@lina.inka.de>

Prev by Date: Re: php vulnerabilities
Next by Date: CAN-2004-0814 ?
Previous by thread: Re: php vulnerabilities
Next by thread: Re: php vulnerabilities
Index(es):
- Date
- Thread