On Fri, Mar 2, 2012 at 1:56 PM, Gustavo Lopes <glo...@nebm.ist.utl.pt> wrote:
> I'd go with another option: > > One year of bug fixes, one year of security fixes and bug fixes that are > trivial to backport. Won't work. It is then two years bug fixing. The idea of security only is to reduce both the amount of work and the risk to break it inadvertently. > The truth is most of the time is less trouble to just merge the fix to > oldstable than > 1) determine if the bug is possibly exploitable > 2) ask the RM for approval One has to do both anyway already. We have to request CVE for security issues and to ask RM for invasive fixes. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
