Re: php vulnerabilities
* Bernd Eckenfels:
> In article <[🔎] 877jn83h3j.fsf@deneb.enyo.de> you wrote:
>> IOW, the soaking period is required.
>
> But we don't hide Bugs. And given the voluntary nature of Debian a lot of
> fixes just wont happen before the velnerability is widely known, anyway.
> Just see the current samba problem.
Sorry for being unclear. The soaking period starts *after* the issue
has been published.
> And besides the openssh disaster I dont see many destructive security
> patches, especially not with debians conservative backporting strategy.
That's because the potentially destructive patches simply don't
happen.
Reply to: