Re: php vulnerabilities
* Jan Minar:
>> > apt-listbugs only helps if someone else has already burned his
>> > fingers, *and* has filed a bug report with the proper severity and
>> > tags.
> You can tell it to install only packages that have been in the archive
> no less than some arbitrary period of time (or maybe not and it could be
> written; I don't use apt-bug).
One of the recent bugs which led to unstable breakage was already
filed, but not with sufficient severity to trigger apt-listbugs. 8-(
apt-listbugs is just kludge, not a real concept you can advertise to
end users, IMHO. (Of course, the security process as a whole is
nothing but a kludge, but there is little Debian can do about it.)