Re: php vulnerabilities
On Wed, Dec 22, 2004 at 12:25:26AM -0200, Henrique de Moraes Holschuh wrote:
On Tue, 21 Dec 2004, Michael Stone wrote:
Why would we get rid of apache 1.3?
We wouldn't. Nor would we get rid of php4. I was just being sarcastic.
The two programs are different cases. I think a reasonable question has
been raised, and debian does need to come up with a better solution for
dealing with packages which will not be maintainable over the course of
a stable release. Apache doesn't meet that criterion because its
upstream is very good about documenting security problems & their
specific fixes. Other programs, well, aren't so good.