Re: php vulnerabilities
* Henrique de Moraes Holschuh:
> On Tue, 21 Dec 2004, Michael Stone wrote:
>> dealing with packages which will not be maintainable over the course of
>> a stable release. Apache doesn't meet that criterion because its
> Wasn't there a big thread about exactly this issue, centered around amavis,
> clamav and snort a while ago?
The nature of these packages is that they require periodic updates for
proper operation (mainly data files, and code that interprets data
files in new formats).
Packages like Mozilla and PHP are different. You can run the old
version without gradually loss of functionality, as long as security
fixes are isolated and backported. (Backporting is not the real
challenge, usually it's isolating the security fix.)