Re: [SECURITY] [DSA 2670-1] wordpress security update
On Wed, 07 Nov 2012, Thijs Kinkhorst wrote:
> I think we should do this only when it has been shown that applying the
> fixes to the current version in stable(-security) is infeasible. Suppose
> now a simple XSS is discovered, I would be very much in favour of just
> applying that fix.
I would as well. The trouble is that contrary to Django (for example),
upstream is not pointing out which commits are security relevant and
which versions are affected or not.
And there's zero support for older versions. So we're on our own (and I'm
not going to do all those investigations by myself).
Raphaël Hertzog ◈ Debian Developer