Re: php vulnerabilities
* Bernd Eckenfels:
> On Thu, Dec 23, 2004 at 11:48:34PM +0100, Florian Weimer wrote:
>> >> IOW, the soaking period is required.
>> Sorry for being unclear. The soaking period starts *after* the issue
>> has been published.
> This means we will not provide patches or does it mean we will
> provide them for the user to chose?
Users who want to provide a service to the community can pre-test
patches and see if they break anything. Users who value security over
functionality can do this, too.
> The first is I guess not acceptable,
This is not a question of acceptance. It's only a last resort for
packages for which security support cannot be provided in any other
Look at the Mozilla version in stable, and the issues surrounding it,
and you will understand.