[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php vulnerabilities



* Bernd Eckenfels:

> In article <877jn83h3j.fsf@deneb.enyo.de> you wrote:
>> IOW, the soaking period is required.
>
> But we don't hide Bugs. And given the voluntary  nature of Debian a lot of
> fixes just wont happen before the velnerability is widely known, anyway.
> Just see the current samba problem.

Sorry for being unclear.  The soaking period starts *after* the issue
has been published.

> And besides the openssh disaster I dont see many destructive security
> patches, especially not with debians conservative backporting strategy.

That's because the potentially destructive patches simply don't
happen.



Reply to: