Hi Paul, On Sun, Mar 26, 2023 at 01:40:10PM +0200, Paul Gevers wrote: > Hi Ondřej, > > On 26-03-2023 08:36, Ondřej Surý wrote: > > just a quick reply - PHP already has a security (and if I remember > > correctly release) team exception from the last time. So, we already had > > this talk about upstream policies. > > I *suspect* the same, but because of the shear amount of work ongoing for > the release team at the moment, I hope people can help point to the relevant > information instead of us needing to find it. > > It can obviously wait a couple of days, we're not *that* close to releasing > yet.
if this helps on the decision: We would, similarly as done for bullseye already, want to follow the upstream releases until supported by upstream and then switch to cherry-pick security fixes only on top. Ondrej can give a more detailed input, so please wait for his reply. Regards, Salvatore
