
Re: php vulnerabilities



* Bernd Eckenfels:

> On Thu, Dec 23, 2004 at 11:48:34PM +0100, Florian Weimer wrote:
>> >> IOW, the soaking period is required.
> ..
>> Sorry for being unclear.  The soaking period starts *after* the issue
>> has been published.
>
> This means we will not provide patches or does it mean we will
> provide them for the user to choose?

Users who want to provide a service to the community can pre-test
patches and see if they break anything.  Users who value security over
functionality can do this, too.

> The first is I guess not acceptable,

This is not a question of acceptance.  It's only a last resort for
packages for which security support cannot be provided in any other
way.

Look at the Mozilla version in stable, and the issues surrounding it,
and you will understand.


