Re: php vulnerabilities
* Jan Minar:
> On Thu, Dec 23, 2004 at 05:16:39PM +0100, Florian Weimer wrote:
>> My current idea is to borrow an idea from Microsoft: Create a Patch
>> Validation Program. Under this program, you get access to security
>> fixes before the official release, and you can test if your
>> applications break. Of course, Microsoft requires NDAs because they
>> actually give you binaries a week or so before the regular patch day.
>> Debian wouldn't be able to do this, so patch validation could begin
>> only after the issue has been disclosed. We could use a separate
>> public archive, and after some soaking period, the new packages could
>> be officially released on security.debian.org.
> I think You are reinventing apt-listbugs ;-)
apt-listbugs only helps if someone else has already burned his
fingers, *and* has filed a bug report with the proper severity and
IOW, the soaking period is required.