On Wed, 1 Feb 2023 19:50:15 -0300 Carsten Schoenert <c.schoen...@t-online.de> wrote: > Am Wed, Feb 01, 2023 at 03:24:14PM +0000 schrieb Nicola Chiapolini: > > Control: severity -1 serious > > Hi Carsten > > I am increasing the severity again. This bit me today. > > I rely on apt-listbugs to protect me from such problems and with the default settings "normal" is not sufficient to trigger listbugs. > > Yesterday, #1030112 triggered listbugs, so today I was happy to see that the problem is fixed and upgraded. So I try to help others... > > (Since the only reason I use Thunderbird in the first place is to access o365, this bug might even be considered grave ;-) > > I'm considering this issue is normaly just of severity important.
Frankly, I'm glad it was increased to serious because otherwise listbugs wouldn't have let me stop it, then I have to spend more time figuring out why I suddenly can't retrieve my e-mail and tracking down a solution, downgrading packages, etc. There is only so much time in the day and so much coffee I can drink. ;-) We use O365 at the University and I have enough issues maintaining our Linux systems there. ;-) Last thing I need is problems with workstation to get in the way of my work. > Quoting https://www.debian.org/Bugs/Developer.en.html > important > a bug which has a major effect on the usability of a package, without rendering it completely unusable to everyone > And that's what this issue is about, most of the users can use > Thunderbird without problems. Do you have statistics for that? What is "most"? I'm pretty sure many Universities and other large organizations across the world are using Office however, if it's anything like our University, "most" of those users are using Windows version of Outlook or Outlook Online. Still, I could not be sure what "most" Thunderbird users are using. Further, the actual bug in mozilla is #1814536 (OAuth2 authentication | 102.7.1. | Linux - fails) - still Open. This is an even broader than just o365 as Google uses OAuth2 as well, etc. That bug was reported here in Debian as grave under #1030112 but you closed it as a duplicate of this bug. That was perhaps mistaken. > serious > is a severe violation of Debian policy (roughly, it violates a "must" or "required" directive), > or, in the package maintainer's or release manager's opinion, makes the package unsuitable for release. I don't have the time to currently review the 609 instances of "must" or "required" in the policy, but I believe this makes the package unsuitable for release. > grave > makes the package in question unusable or mostly so, or causes data loss, > or introduces a security hole allowing access to the accounts of users who use the package. I think #1030112 should be reopened and/or merged with this bug, with the title being updated to reflect broader issue with OAuth2. As the bug is much broader than is implied here, severity should be maintained at a minimum of serious. Since many these days are using Gmail as their only e-mail then could even be argued that thunderbird is now unusable or mostly so, therefore severity of grave is not out of the question either. Best Regards, Chandler
