On 2013-06-10 15:11:26 +0100, Ian Jackson wrote:
> I agree with you that that bug is a potential security vulnerability.
> I think the maintainer adopted an overly-close and legalistic reading
> of the bug severity guidelines. On the other hand I think the
> maintainer makes good points about the lack of widespread impact.

I think that most security bugs do not have widespread impact.

> I'm not sure exactly what consequences you think should have flowed
> from the bug's RC severity. Do you think the release should have been
> delayed ? CUPS removed from wheezy ? Presumably not. So it should
> have been RC-ignored for wheezy.

This is for sid only. Having a RC severity allows one to make other
users aware of the bug via apt-listbugs. Then they can ignore it or
not... It also prevents the bug from entering testing, which is safer
for the corresponding users.

Note that this is a regression. Using the testing version (= stable
currently) is fine w.r.t. this bug.

> So I agree with the main thrust of the maintainer's comments, that
> this bug severity discussion is a side issue which risks distracting
> us from fixing the bug.
>
> If what you're trying to do is improve the wording of the bug severity
> guidelines, have you considered emailing owner@bugs ?

Not yet.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)