Re: php vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: php vulnerabilities
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 23 Dec 2004 21:16:48 +0100
Message-id: <[🔎] 877jn83h3j.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20041223180339.GA28172@kontryhel.haltyr.dyndns.org> (Jan Minar's message of "Thu, 23 Dec 2004 18:03:39 +0000")
References: <m1CgLjh-000on6C@finlandia.Infodrom.North.DE> <[🔎] 41C7C251.6090208@adventnet.com> <[🔎] 20041221220355.3940a948.gygy@rdslink.ro> <[🔎] 20041221215816.GB3974@khazad-dum.debian.net> <[🔎] 20041222002125.GL14026@mathom.us> <[🔎] 20041222022526.GB14463@khazad-dum.debian.net> <[🔎] 20041222031846.GO14026@mathom.us> <[🔎] 87brcmwhu6.fsf@deneb.enyo.de> <[🔎] 20041222140903.GR14026@mathom.us> <[🔎] 87is6t6lco.fsf@deneb.enyo.de> <[🔎] 20041223180339.GA28172@kontryhel.haltyr.dyndns.org>

* Jan Minar:

> On Thu, Dec 23, 2004 at 05:16:39PM +0100, Florian Weimer wrote:
>> My current idea is to borrow an idea from Microsoft: Create a Patch
>> Validation Program.  Under this program, you get access to security
>> fixes before the official release, and you can test if your
>> applications break.  Of course, Microsoft requires NDAs because they
>> actually give you binaries a week or so before the regular patch day.
>> Debian wouldn't be able to do this, so patch validation could begin
>> only after the issue has been disclosed.  We could use a separate
>> public archive, and after some soaking period, the new packages could
>> be officially released on security.debian.org.
>
> I think You are reinventing apt-listbugs ;-)

apt-listbugs only helps if someone else has already burned his
fingers, *and* has filed a bug report with the proper severity and
tags.

IOW, the soaking period is required.

Reply to:

Follow-Ups:
- Re: php vulnerabilities
  - From: "Christian Storch" <storch@infra.net>
- Re: php vulnerabilities
  - From: Bernd Eckenfels <ecki-news2004-05@lina.inka.de>

References:
- php vulnerabilities
  - From: saravanan G <gsaravanan@adventnet.com>
- Re: php vulnerabilities
  - From: Adrian Minta <gygy@rdslink.ro>
- Re: php vulnerabilities
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: php vulnerabilities
  - From: Jan Minar <jjminar@FastMail.FM>

Prev by Date: Re: php vulnerabilities
Next by Date: Re: php vulnerabilities
Previous by thread: Re: php vulnerabilities
Next by thread: Re: php vulnerabilities
Index(es):
- Date
- Thread