PHP vulnerabilities?

Michal Jaegermann michal at harddata.com
Mon Dec 20 16:41:16 UTC 2004


On Mon, Dec 20, 2004 at 09:43:18AM -0500, Matt Nuzum wrote:
> > 
> It takes 100's and 100's of
> hours to certify an application such as mine on a new platform - those
> 100's and 100's of hours equate into a lot of money.

This means that you have a serious incentive if you care about that
fix.

> Presumably the PHP 4.1 that is currently in fedora legacy

Er, no.  This depends on a platform.  If you are talking about
RH7.3 installation, with updates, then you are correct.  Something
which started as RH9 or FC1 will have later versions of PHP.

> 
> Honestly, if I wanted newer versions of the software, I would upgrade.
> I need to use FL because I can't afford the instability of FC

This "instability of FC" is in my experience more legend than a
fact.  True, FC1 had various issues and so did RH8 and from what
I have seen much more severe.  In any case nothing prevents you from
using and _supporting_ Tao, cAos or Whitebox if you want long term
platform but do not want to pay for RHEL.

> I pray that some way can be found to ascertain if the problems apply
> to RH7.3

Well, you have other choices outside of praying.  You can wait and
do nothing hoping that one day somebody will solve the problem.  You
can sit down and do patching and testing yourself.  Your
contribution to an ongoing maintenance of Legacy will be eagerly
awaited.  Or you can try to hire somebody to do that job for you.
Sounds like in your case this should be highly cost effective.

As I wrote: I did spend some time trying to see how to backport
fixes.  This turns out to be far from obvious and requires much
more effort and time than _I_ am willing to spend on that at this
moment.  It does not mean that for somebody else the whole thing
will look substantially different.  This is a _community_ project.

  Michal




More information about the fedora-legacy-list mailing list