[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php vulnerabilities

* Bernd Eckenfels:

> On Thu, Dec 23, 2004 at 11:48:34PM +0100, Florian Weimer wrote:
>> >> IOW, the soaking period is required.
> ..
>> Sorry for being unclear.  The soaking period starts *after* the issue
>> has been published.
> This means we will not provide patches or does it mean we will
> provide them for the user to chose?

Users who want to provide a service to the community can pre-test
patches and see if they break anything.  Users who value security over
functionality can do this, too.

> The first is I guess not acceptable,

This is not a question of acceptance.  It's only a last resort for
packages for which security support cannot be provided in any other

Look at the Mozilla version in stable, and the issues surrounding it,
and you will understand.

Reply to: