On Sat, 2014-12-20 at 11:48 +0100, Jonas Smedegaard wrote: > [sent again, cc correct list address this time] > > Quoting Michael Gilbert (2014-12-20 11:06:47) > > On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote: > >> On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert wrote: > >>> control: severity -1 important > >>> > >>> There is no security support for libv8 in jessie, so security issues > >>> aren't RC. > >> Could you please add some links to explain that? > >> I was about to fix this issue in an NMU after double-checking the > >> fix. > > > > Severity doesn't say anything about whether or not a bugs can be > > fixed, so you can still do that. Anyway it was decided recently on > > the security team ml.
I'm not aware of it having been decided that the security team were the arbiters of release criticality in such situations. > I find it sensible for the security team to give up on maintaining some > packages - and I find it great to try communicate that to our users by > use of the debian-security-support package. > > Just now I learned from above bugreport that the security team also > actively *lower* bugreports to avoid them being treated as release > candidate, for packages not maintained by the security team. That I > find a horrible approach: Severity of a bug is independent on whether it > will be fixed or not. The more proper tag to use is *-ignore, IMO. The setting of -ignore by people other the Release Team (or those who have previously discussed doing so, e.g. for certain classes of bug in stable) is still wrong. Regards, Adam -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1419074126.17974.6.ca...@adam-barratt.org.uk
