[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php vulnerabilities

On Mi, 29.12.2004, 20:09, Felipe Augusto van de Wiel (faw) wrote:
> 	At first I believe that security.debian.org could
> handle this, but in fact, it is more patching and
> backporting patches than new version for security reasons.
> 	We also have to consider that a "innocent" upgrade
> (or dist-upgrade) could broken several things, specially
> considering things like PHP, where internal changes can
> drop backward compatibility.
> 	So, it looks like a good task for volatile or a
> new line named sec-volatile (something like that). You can
> have a kind of "backport" supported by Debian and Debian
> Security Team. What do you think?

First I think it shouldn't be a distro as each other for that
it never would become a stable release by definition.
But it could make security updates a little bit easier and
perhaps more stable: They could be tested within a stable environment
before moving into stable and breaking some relative packets.

But at moment I'm not sure about what should be discussed in this
Is it going about an improvement of applying security updates
to stable?
Or more about the problem of non documented security patches
of some upstreams (here php)?

The latter will be the important question for me!
What will be the policy of security team about these problems and
perhaps how could the communty help to solve these problems?


Reply to: