On 22.08.2011 11:33, Lester Caine wrote:
> Pierre Joye wrote:
>> but does it work with 5.3.6? On the servers where 5.3.7 fails?
>
> While switching back should simply be a matter of telling the package manager
> to use the older version

with fully disclosed security-bugs they are open and known for months before even a new version is released

> there should perhaps be a little less 'rush' to automatically update systems,
> allowing us to make a choice when we do upgrade?

we have the choice but we have not because it takes months before a new php-version is available and the whole time before security-bugs are well known everywhere

there should be placed diff-files for security fixes directly on the download-page

they could be easily included in rpmbuild/spec-file if they are matching to the latest tar.bz2, but the current release process does not support this and forces users, if they want their machines as secure as possible, to grab in the VCS manually and hoping to make no mistake by making this on their own - it is a huge difference for an administrator to include provided patches in a spec-file or deal with the whole php-source

Patch8: php-5.3.7-aconf259.patch
Patch20: php-4.3.11-shutdown.patch
Patch21: php-5.3.3-macropen.patch
Patch22: php-5.3.7-crypt.patch
Patch40: php-5.0.4-dlopen.patch
Patch41: php-5.3.0-easter.patch
Patch42: php-5.3.1-systzdata-v7.patch
Patch43: php-5.3.4-phpize.patch
Patch61: php-5.0.4-tests-wddx.patch
Patch62: php-5.3.3-tests.patch
Patch91: php-5.3.7-oci8conf.patch
Patch92: php-5.3.7-readline.patch
Patch93: php-5.3.6-mysqli.patch