On Sat, Jul 10, 2010 at 11:52 PM, Rasmus Lerdorf <ras...@lerdorf.com> wrote: > On 7/10/10 2:32 PM, Reindl Harald wrote: >> Why there are no point releases for security-bugs? >> >> The changelog form 5.3.2 to 5.3.3 RCx shows many >> security releases which are well known in the meantime >> >> It's VERY bad to schedule thmen always only with >> the normal bugfixes and also on production servers >> it can not be recommended to backport them by the admin >> >> So why there is no 5.3.2.1 which only fixes them? > > None of the security issues are serious remotely exploitable ones. They > are all local. >
You mean that there will be security fix release shipped ASAP if a remote exploit goes public? Or why is it important that the current "0day" exploits are local only? btw: +1 for making different release process for the security fix releases than the "normal" bugfix/feature releases. Tyrael -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php