[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php vulnerabilities

On Do, 23.12.2004, 21:16, Florian Weimer wrote:
> * Jan Minar:
>> On Thu, Dec 23, 2004 at 05:16:39PM +0100, Florian Weimer wrote:
>>> My current idea is to borrow an idea from Microsoft: Create a Patch
>>> Validation Program.  Under this program, you get access to security
>>> fixes before the official release, and you can test if your
>>> applications break.  Of course, Microsoft requires NDAs because they
>>> actually give you binaries a week or so before the regular patch day.
>>> Debian wouldn't be able to do this, so patch validation could begin
>>> only after the issue has been disclosed.  We could use a separate
>>> public archive, and after some soaking period, the new packages could
>>> be officially released on security.debian.org.
>> I think You are reinventing apt-listbugs ;-)
> apt-listbugs only helps if someone else has already burned his
> fingers, *and* has filed a bug report with the proper severity and
> tags.
> IOW, the soaking period is required.

And what is Debian 'unstable' now?


Reply to: