Looking at the recent number of infections by the PHPBB2 worm and the other PHP worm roaming around in the net:

Security with sarge can’t be that much worse than with woody.

At least sarge was not affected by this worm it seems.

Fortunately, my woody system was upgraded fast enough to PHP 4.3.10, because I had to backport it myself anyway - I need the “pspell” extension, the php4 maintainers seem to ignore for over two years now.

Up to now, users could trust security.debian.org to bring out security updates in time. Now this is not even true for woody any more. This “incident” will seriuosly harm our reputation. Ubuntu hat it by 16. December, Mandrake on

  1. December, Gentoo 18. December, RedhatFedora 21. December. SuSE and Debian still pending despite two worms running wild and infecting systems.

On the other hand, its just stupid PHP sites going down. No root compromise. Maybe people will trust PHyPe now a bit less…