[Secure-testing-team] Re: [Secure-testing-commits] r2366 -
data/CAN
Moritz Muehlenhoff
jmm at inutil.org
Sun Oct 9 20:25:33 UTC 2005
Florian Weimer wrote:
> >> According to Debian's stable security bug fixing policy, these aren't
> >> security vulnerabilities. Shall we track them nevertheless?
> >
> > As this hasn't been specifically publicly announced, we should do so?
>
> I don't know. I've been told it's the policy, and I've documented in
> (see my posting on debian-security). We could put it on the
> secure-testing web server if you agree it's a reasonable policy.
I agree it's a reasonable policy, but as the overhead of tracking these
issues is significantly lower than for the stable security team we could
as well track deficiencies in it as well?
Do you know how other distributions handle defects in the PHP safe mode?
Cheers,
Moritz
More information about the Secure-testing-team
mailing list