Re: php vulnerabilities

[Florian Weimer <fw@deneb.enyo.de>]

* Jan Minar:

>> > apt-listbugs only helps if someone else has already burned his
>> > fingers, *and* has filed a bug report with the proper severity and
>> > tags.
>
> You can tell it to install only packages that have been in the archive
> no less than some arbitrary period of time (or maybe not and it could be
> written; I don't use apt-bug).

One of the recent bugs which led to unstable breakage was already
filed, but not with sufficient severity to trigger apt-listbugs. 8-(

apt-listbugs is just kludge, not a real concept you can advertise to
end users, IMHO.  (Of course, the security process as a whole is
nothing but a kludge, but there is little Debian can do about it.)