Re: php vulnerabilities
On Wed, Dec 22, 2004 at 08:22:18AM -0500, Michael Stone wrote:
> On Wed, Dec 22, 2004 at 01:56:18PM +0100, Francesco P. Lovergine wrote:
> >On Wed, Dec 22, 2004 at 09:27:52AM -0200, Henrique de Moraes Holschuh
> >>On Tue, 21 Dec 2004, Michael Stone wrote:
> >>> dealing with packages which will not be maintainable over the course of
> >>> a stable release. Apache doesn't meet that criterion because its
> >>Wasn't there a big thread about exactly this issue, centered around
> >>clamav and snort a while ago?
> >Yes, the answer is volatile.debian.net(.org) as you prefer.
> No, that's the answer to a different question. (What to do with software
> that's inherently dependent on volatile information, like virus or ids
> Mike Stone
I did mean that in the same thread me and other proposed to extend
volatile to giant programs which have known supporting problem (an example
is mozilla which is notoriously broken in stable, and none can decently
update it or ensure it is in sane state). Many people did not
agree about, of course.
Francesco P. Lovergine