Re: php vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: php vulnerabilities
From: Michael Stone <mstone@debian.org>
Date: Mon, 27 Dec 2004 20:24:16 -0500
Message-id: <[🔎] 20041228012416.GX14026@mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87is6t6lco.fsf@deneb.enyo.de>
References: <m1CgLjh-000on6C@finlandia.Infodrom.North.DE> <[🔎] 41C7C251.6090208@adventnet.com> <[🔎] 20041221220355.3940a948.gygy@rdslink.ro> <[🔎] 20041221215816.GB3974@khazad-dum.debian.net> <[🔎] 20041222002125.GL14026@mathom.us> <[🔎] 20041222022526.GB14463@khazad-dum.debian.net> <[🔎] 20041222031846.GO14026@mathom.us> <[🔎] 87brcmwhu6.fsf@deneb.enyo.de> <[🔎] 20041222140903.GR14026@mathom.us> <[🔎] 87is6t6lco.fsf@deneb.enyo.de>

On Thu, Dec 23, 2004 at 05:16:39PM +0100, Florian Weimer wrote:

However, most of our packages haven't got test suites, and our
dependency graph is certainly more convoluted than Red Hat's.  For
example, Red Hat probably has only a handful packages which depend on
PHP.  How do we make sure that the upgrade does not break any of the
PHP-based packages we ship?


Good question. The question that needs answering is whether we are
happier having secure, broken systems than insecure systems that
otherwise work. As soon as you start changing things you risk breaking
something, and we don't really have (IMO) a good line drawn.

My current idea is to borrow an idea from Microsoft: Create a Patch

Validation Program.


That might be a possibility--an unstable/testing model for the security
archive.

Mike Stone

Reply to:

Follow-Ups:
- Re: php vulnerabilities
  - From: "Christian Storch" <storch@infra.net>

References:
- php vulnerabilities
  - From: saravanan G <gsaravanan@adventnet.com>
- Re: php vulnerabilities
  - From: Adrian Minta <gygy@rdslink.ro>
- Re: php vulnerabilities
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: subscribe
Next by Date: Re: php vulnerabilities
Previous by thread: Re: php vulnerabilities
Next by thread: Re: php vulnerabilities
Index(es):
- Date
- Thread