Re: php vulnerabilities
* Christian Storch:
>> apt-listbugs only helps if someone else has already burned his
>> fingers, *and* has filed a bug report with the proper severity and
>> IOW, the soaking period is required.
> And what is Debian 'unstable' now?
Please try to understand the context of this discussion.
We are talking (well, at least Michael and I are talking) about the
situation were upstream (and thus unstable/testing) differ
considerably from the version released with stable, that is, the case
when security fixes cannot be backported with reasonable effort.
Under these circumstances, it's naive to expect you can take the
version from unstable, tweak it to build on stable, and release it
without any integration tests.