On Fri, 02 Mar 2012 14:00:51 +0100, Pierre Joye <pierre....@gmail.com> wrote:

On Fri, Mar 2, 2012 at 1:56 PM, Gustavo Lopes <glo...@nebm.ist.utl.pt> wrote:

I'd go with another option:

One year of bug fixes, one year of security fixes and bug fixes that are
trivial to backport.

Won't work. It is then two years of bug fixing.

The idea of security only is to reduce both the amount of work and the
risk of breaking it inadvertently.

The truth is most of the time it is less trouble to just merge the fix to
oldstable than
1) determine if the bug is possibly exploitable
2) ask the RM for approval

One has to do both anyway already. We have to request a CVE for security
issues and to ask the RM for invasive fixes.

Fair enough. Option #1 seems the most appropriate then. The others seem too drastic to implement with such short notice.

--
Gustavo Lopes

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php