Re: php vulnerabilities
Christian Storch wrote:
:: I think we would need a new distribution e.g.
:: 'sec-stable' for testing new security patches.
:: So someone would be able to choose between
:: 'more stable but less secure'
:: 'less stable but more secure'.
At first I believe that security.debian.org could
handle this, but in fact, it is more patching and
backporting patches than new version for security reasons.
We also have to consider that a "innocent" upgrade
(or dist-upgrade) could broken several things, specially
considering things like PHP, where internal changes can
drop backward compatibility.
So, it looks like a good task for volatile or a
new line named sec-volatile (something like that). You can
have a kind of "backport" supported by Debian and Debian
Security Team. What do you think?
I choose to not elaborate a model or make a proposal
because I believe that is better to discuss about how could
it evolve, before write a "fast draft" and try to integrate
// Felipe Augusto van de Wiel (faw) <firstname.lastname@example.org>
// GUD-PR / DUG-PR || http://www.debian-pr.org
// GUD-BR / DUG-BR || http://www.debian-br.org
// Debian Project || http://www.debian.org/