Re: php vulnerabilities

To: Bernd Eckenfels <ecki-news2004-05@lina.inka.de>
Cc: debian-security@lists.debian.org
Subject: Re: php vulnerabilities
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 23 Dec 2004 23:48:34 +0100
Message-id: <[🔎] 87fz1w1vi5.fsf@deneb.enyo.de>
In-reply-to: <[🔎] E1Chb1w-0007DN-00@calista.eckenfels.6bone.ka-ip.net> (Bernd Eckenfels's message of "Thu, 23 Dec 2004 23:01:56 +0100")
References: <[🔎] E1Chb1w-0007DN-00@calista.eckenfels.6bone.ka-ip.net>

* Bernd Eckenfels:

> In article <[🔎] 877jn83h3j.fsf@deneb.enyo.de> you wrote:
>> IOW, the soaking period is required.
>
> But we don't hide Bugs. And given the voluntary  nature of Debian a lot of
> fixes just wont happen before the velnerability is widely known, anyway.
> Just see the current samba problem.

Sorry for being unclear.  The soaking period starts *after* the issue
has been published.

> And besides the openssh disaster I dont see many destructive security
> patches, especially not with debians conservative backporting strategy.

That's because the potentially destructive patches simply don't
happen.

Reply to:

Follow-Ups:
- Re: php vulnerabilities
  - From: Bernd Eckenfels <be-mail2004@lina.inka.de>

References:
- Re: php vulnerabilities
  - From: Bernd Eckenfels <ecki-news2004-05@lina.inka.de>

Prev by Date: Re: php vulnerabilities
Next by Date: Re: php vulnerabilities
Previous by thread: Re: php vulnerabilities
Next by thread: Re: php vulnerabilities
Index(es):
- Date
- Thread