On dim, 2009-03-01 at 12:44 -0500, Michael S. Gilbert wrote:
> On Sun, 01 Mar 2009 10:16:27 +0100 wrote:
>
> > > (although if that's the case, i think that there is a problem
> > > with debian's documentation [1] since it appears to indicate that any
> > > and all security holes are to be reported as grave).
> >
> > It says “Most security bugs should also be set at critical or grave
> > severity.”. I guess you missed the “most”?
>
> yes indeed, i have overlooked that statement. however, that is to be
> found in the "Tags" and not the "Severity levels" section, so i had
> no reason to look there.

package: thunar
severity: grave
tags: security

You just discover that “security” is a tag and not a severity?

> anyway, "most" means most, and the "non-most"
> category would primarily include no-data-compromise issues such as
> denial-of-services, i believe.

Yes, most means most. Thanks!

> it is in fact trivial to exploit:

I already noticed we disagreed on that.

> attackers have patience and understand the law of large numbers.

Nice quote indeed.

--
Yves-Alexis