Re: php vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: php vulnerabilities
From: "Christian Storch" <storch@infra.net>
Date: Thu, 23 Dec 2004 22:26:34 +0100 (CET)
Message-id: <[🔎] 1218.212.89.97.147.1103837194.squirrel@212.89.97.147>
In-reply-to: <[🔎] 877jn83h3j.fsf@deneb.enyo.de>
References: <m1CgLjh-000on6C@finlandia.Infodrom.North.DE> <[🔎] 41C7C251.6090208@adventnet.com> <[🔎] 20041221220355.3940a948.gygy@rdslink.ro> <[🔎] 20041221215816.GB3974@khazad-dum.debian.net> <[🔎] 20041222002125.GL14026@mathom.us> <[🔎] 20041222022526.GB14463@khazad-dum.debian.net> <[🔎] 20041222031846.GO14026@mathom.us> <[🔎] 87brcmwhu6.fsf@deneb.enyo.de> <[🔎] 20041222140903.GR14026@mathom.us> <[🔎] 87is6t6lco.fsf@deneb.enyo.de> <[🔎] 20041223180339.GA28172@kontryhel.haltyr.dyndns.org> <[🔎] 877jn83h3j.fsf@deneb.enyo.de>

On Do, 23.12.2004, 21:16, Florian Weimer wrote:
> * Jan Minar:
>
>> On Thu, Dec 23, 2004 at 05:16:39PM +0100, Florian Weimer wrote:
>>> My current idea is to borrow an idea from Microsoft: Create a Patch
>>> Validation Program.  Under this program, you get access to security
>>> fixes before the official release, and you can test if your
>>> applications break.  Of course, Microsoft requires NDAs because they
>>> actually give you binaries a week or so before the regular patch day.
>>> Debian wouldn't be able to do this, so patch validation could begin
>>> only after the issue has been disclosed.  We could use a separate
>>> public archive, and after some soaking period, the new packages could
>>> be officially released on security.debian.org.
>>
>> I think You are reinventing apt-listbugs ;-)
>
> apt-listbugs only helps if someone else has already burned his
> fingers, *and* has filed a bug report with the proper severity and
> tags.
>
> IOW, the soaking period is required.

And what is Debian 'unstable' now?
;)

Christian

Reply to:

Follow-Ups:
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: php vulnerabilities
  - From: Jan Minar <jjminar@FastMail.FM>

References:
- php vulnerabilities
  - From: saravanan G <gsaravanan@adventnet.com>
- Re: php vulnerabilities
  - From: Adrian Minta <gygy@rdslink.ro>
- Re: php vulnerabilities
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: php vulnerabilities
  - From: Jan Minar <jjminar@FastMail.FM>
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: php vulnerabilities
Next by Date: Re: php vulnerabilities
Previous by thread: Re: php vulnerabilities
Next by thread: Re: php vulnerabilities
Index(es):
- Date
- Thread