
Re: php vulnerabilities

Christian Storch wrote:
:: I think we would need a new distribution e.g.
:: 'sec-stable' for testing new security patches.
:: So someone would be able to choose between
:: 'more stable but less secure'
:: or
:: 'less stable but more secure'.

	At first I believe that security.debian.org could
handle this, but in fact, it is more patching and
backporting patches than new versions for security reasons.

	We also have to consider that an "innocent" upgrade
(or dist-upgrade) could break several things, especially
considering things like PHP, where internal changes can
drop backward compatibility.

	So, it looks like a good task for volatile or a
new line named sec-volatile (something like that). You can
have a kind of "backport" supported by Debian and Debian
Security Team. What do you think?

	I choose not to elaborate a model or make a proposal
because I believe that it is better to discuss how it could
evolve before writing a "fast draft" and trying to integrate
with volatile.

	Kind regards,

// Felipe Augusto van de Wiel (faw) <felipe@cathedrallabs.org>
// GUD-PR / DUG-PR || http://www.debian-pr.org
// GUD-BR / DUG-BR || http://www.debian-br.org
// Debian Project  || http://www.debian.org/
