On Sat, Jul 10, 2010 at 11:52 PM, Rasmus Lerdorf <ras...@lerdorf.com> wrote:
> On 7/10/10 2:32 PM, Reindl Harald wrote:
>> Why there are no point releases for security-bugs?
>>
>> The changelog form 5.3.2 to 5.3.3 RCx shows many
>> security releases which are well known in the meantime
>>
>> It's VERY bad to schedule thmen always only with
>> the normal bugfixes and also on production servers
>> it can not be recommended to backport them by the admin
>>
>> So why there is no 5.3.2.1 which only fixes them?
>
> None of the security issues are serious remotely exploitable ones.  They
> are all local.
>

You mean that there will be security fix release shipped ASAP if a
remote exploit goes public?
Or why is it important that the current "0day" exploits are local only?

btw: +1 for making different release process for the security fix
releases than the "normal" bugfix/feature releases.

Tyrael

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to