Re: [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
Matt Zimmerman <mdz@debian.org> writes:
> On Sun, Jul 25, 2004 at 11:54:56PM +0200, Hilko Bengen wrote:
>
>> I haven't checked whether this has been the case and, given that
>> PHP has evolved quite a bit since Woody was released, it might not
>> have mattered much in this particular case. But if Debian manages
>> to release more often in the future and less-frequently updated
>> packages are treated like this, we might run into confusion.
>
> Selecting an appropriate version number is part of the security
> update process, and includes checking that it is unique.
I imagine that some work on these checks could be saved if security
updates generally used a scheme like ${LAST_USED_VERSION}woody${N}.
(BTW, what is the quickest/best way to determine if a version number
has been used before?) This would not help in the rare case where a
fix can't be backported, of course.
Is this part of the the procedure for security updates documented
anywhere? I didn't find it in the Debian Policy.
Thanks for your clarification, anyhow. :-)
-Hilko
Reply to: