* Adam Conrad: >> These bugs will likely be addressed for stable by a change in the >> security bug policy for stable. Discussions with the security team are >> ongoing; a detailed statement should be published soon. > > We need a new security policy for something that *may* fix security > bugs? Neat.
No, for the countless PHP bugs which only materialize when you run untrusted PHP scripts which do malicious things. The security team (and vendor-sec) have already decided that they won't address such bugs, only documentation is currently missing. I'm going to send my proposal to the debian-security soon. (The security team was not available for comment so far.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]