[sent again, cc correct list address this time] Quoting Michael Gilbert (2014-12-20 11:06:47) > On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote: >> On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert wrote: >>> control: severity -1 important >>> >>> There is no security support for libv8 in jessie, so security issues >>> aren't RC. >> Could you please add some links to explain that? >> I was about to fix this issue in an NMU after double-checking the >> fix. > > Severity doesn't say anything about whether or not a bugs can be > fixed, so you can still do that. Anyway it was decided recently on > the security team ml.
I find it sensible for the security team to give up on maintaining some packages - and I find it great to try communicate that to our users by use of the debian-security-support package. Just now I learned from above bugreport that the security team also actively *lower* bugreports to avoid them being treated as release candidate, for packages not maintained by the security team. That I find a horrible approach: Severity of a bug is independent on whether it will be fixed or not. The more proper tag to use is *-ignore, IMO. Please let us not hide problems! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
