On Wed, Aug 09, 2017 at 02:36:27PM +0300, Noam Rathaus wrote:
> Hi,
>
> I see, but it doesn't answer the problem of how can someone judge the
> severity of DSA-X against DSA-Y and say which one is more important?
Well, read the advisory text and make your own assessment :-)
> You should note that RedHat, Ubnutu, CentOS, and others provide a severity
> rating, either based on the NIST NVD, or based on some internal "mechanism"
>
> But they provide that information to assist their customers to understand
> the threat
>
> It would be disappointing if this is not done for Debian as well.
We have no interest in doing that. If there's really demand for something
like that, feel free to setup a website which classifies Debian updates
by severity.
Cheers,
Moritz
