[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php vulnerabilities

sorry for replying to the wrong message.

> saravanan ganapathy wrote:
> >Can I use those packages for production environment? 

Of course you can. These packages are, however, not under debian
quality control, nor supported by the security team. Moreover, the
guy behind the repository is not a Debian developer. This simply
means that you cannot trust him the same way you trust Debian
developers, whether about integrity or competence.

Whether you should run these package in a production environment...
well, I say no simply because PHP and MySQL are both not
production-level. But this is my personal opinion, you can do with
it what you like.

> >Plese suggest the best way to secure my php

Stop using PHP. Learn Zope and PostgreSQL.

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: