
Re: php vulnerabilities


Christian Storch wrote:
:: First I think it shouldn't be a distro as each other
:: for that it never would become a stable release by
:: definition. But it could make security updates a
:: little bit easier and perhaps more stable: They could
:: be tested within a stable environment before moving
:: into stable and breaking some relative packets.

	Ok, sounds good. :)

:: But at the moment I'm not sure about what should be
:: discussed in this thread.

	Sorry Christian, you are completely right. A few
days ago I saw a discussion about long threads without
changing the subject, sorry, my mistake.

:: Is it going about an improvement of applying security
:: updates to stable?

	We should start a new discussion trying to figure
out how we can improve security updates to stable. And also
to new releases.

:: Or more about the problem of non-documented security
:: patches of some upstreams (here php)?

	Yes, this thread is about "php" and security patches
from upstreams. Does anybody know the position of the PHP Security
Team about this? What I mean is, has the php maintainer in
Debian already talked with the PHP Security Team about what we
are facing?

:: The latter will be the important question for me!
:: What will be the policy of security team about these
:: problems and perhaps how could the community help to
:: solve these problems?

	Don't exactly, the community could do some backports
and upgrade tests on the php package, but it is not official and
people could doubt how safe it is to use.

	I don't know if we can upgrade php to a non-harmful
new version, perhaps we should write an open statement to
the community, but I would like to wait until we hear some
PHP Security Team notices. :o)

	Best regards,

// Felipe Augusto van de Wiel (faw) <felipe@cathedrallabs.org>
// GUD-PR / DUG-PR || http://www.debian-pr.org
// GUD-BR / DUG-BR || http://www.debian-br.org
// Debian Project  || http://www.debian.org/
