Re: php vulnerabilities
* Bernd Eckenfels:
> In article <email@example.com> you wrote:
>> IOW, the soaking period is required.
> But we don't hide Bugs. And given the voluntary nature of Debian a lot of
> fixes just wont happen before the velnerability is widely known, anyway.
> Just see the current samba problem.
Sorry for being unclear. The soaking period starts *after* the issue
has been published.
> And besides the openssh disaster I dont see many destructive security
> patches, especially not with debians conservative backporting strategy.
That's because the potentially destructive patches simply don't