Re: php vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: php vulnerabilities
From: "Felipe Augusto van de Wiel (faw)" <felipe@cathedrallabs.org>
Date: Wed, 29 Dec 2004 17:09:24 -0200
Message-id: <[🔎] 41D300E4.1060301@cathedrallabs.org>
References: <m1CgLjh-000on6C@finlandia.Infodrom.North.DE> <[🔎] 41C7C251.6090208@adventnet.com> <[🔎] 20041221220355.3940a948.gygy@rdslink.ro> <[🔎] 20041221215816.GB3974@khazad-dum.debian.net> <[🔎] 20041222002125.GL14026@mathom.us> <[🔎] 20041222022526.GB14463@khazad-dum.debian.net> <[🔎] 20041222031846.GO14026@mathom.us> <[🔎] 87brcmwhu6.fsf@deneb.enyo.de> <[🔎] 20041222140903.GR14026@mathom.us> <[🔎] 87is6t6lco.fsf@deneb.enyo.de> <[🔎] 20041228012416.GX14026@mathom.us> <[🔎] 1280.212.89.96.170.1104333242.squirrel@212.89.96.170>

Christian Storch wrote:
:: I think we would need a new distribution e.g.
:: 'sec-stable' for testing new security patches.
:: So someone would be able to choose between
:: 'more stable but less secure'
:: or
:: 'less stable but more secure'.

	At first I believe that security.debian.org could
handle this, but in fact, it is more patching and
backporting patches than new version for security reasons.

	We also have to consider that a "innocent" upgrade
(or dist-upgrade) could broken several things, specially
considering things like PHP, where internal changes can
drop backward compatibility.

	So, it looks like a good task for volatile or a
new line named sec-volatile (something like that). You can
have a kind of "backport" supported by Debian and Debian
Security Team. What do you think?

	I choose to not elaborate a model or make a proposal
because I believe that is better to discuss about how could
it evolve, before write a "fast draft" and try to integrate
with volatile.

	Kind regards,

--
//////////
// Felipe Augusto van de Wiel (faw) <felipe@cathedrallabs.org>
// GUD-PR / DUG-PR || http://www.debian-pr.org
// GUD-BR / DUG-BR || http://www.debian-br.org
// Debian Project  || http://www.debian.org/
//////////

Reply to:

Follow-Ups:
- Re: php vulnerabilities
  - From: "Christian Storch" <storch@infra.net>

References:
- php vulnerabilities
  - From: saravanan G <gsaravanan@adventnet.com>
- Re: php vulnerabilities
  - From: Adrian Minta <gygy@rdslink.ro>
- Re: php vulnerabilities
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: php vulnerabilities
  - From: Michael Stone <mstone@debian.org>
- Re: php vulnerabilities
  - From: "Christian Storch" <storch@infra.net>

Prev by Date: Re: php vulnerabilities
Next by Date: rm files owned by root?
Previous by thread: Re: php vulnerabilities
Next by thread: Re: php vulnerabilities
Index(es):
- Date
- Thread