
Re: php vulnerabilities



On Wed, 29.12.2004, 20:09, Felipe Augusto van de Wiel (faw) wrote:
> 	At first I believe that security.debian.org could
> handle this, but in fact, it is more patching and
> backporting patches than new version for security reasons.
>
> 	We also have to consider that an "innocent" upgrade
> (or dist-upgrade) could break several things, especially
> considering things like PHP, where internal changes can
> drop backward compatibility.
>
> 	So, it looks like a good task for volatile or a
> new line named sec-volatile (something like that). You can
> have a kind of "backport" supported by Debian and Debian
> Security Team. What do you think?

First I think it shouldn't be a distro as each other for that
it never would become a stable release by definition.
But it could make security updates a little bit easier and
perhaps more stable: They could be tested within a stable environment
before moving into stable and breaking some relative packets.

But at the moment I'm not sure what should be discussed in this
thread.
Is it about an improvement of applying security updates
to stable?
Or more about the problem of undocumented security patches
from some upstreams (here php)?

The latter will be the important question for me!
What will be the policy of the security team about these problems and
perhaps how could the community help to solve these problems?

Christian



