http://www.debian.org/Bugs/Developer#severities talks about bug severities:
critical
makes unrelated software on the system (or the whole system) break, or
causes serious data loss, or introduces a security hole on systems where
you install the package.
grave
makes the package in question unuseable or mostly so, or causes data
loss, or introduces a security hole allowing access to the accounts of
users who use the package.
important
any other bug which makes the package unsuitable for release.
I'm seeing a lot of "grave" and "important" bugs lately. (I've closed 17 >
normal importance bugs in my packages in the past 28 days, and just 23
normal bugs. ).
I've noticed that in many of the cases where I think the bug has too high
severity, the bug doesn't affect all users of the package. A specific
example: I've a rvplayer bug saying that it segfaults, marked important. But
since people have been using that binary for about 9 months, with general
success (and since the package in question is only in stable, and has not
changed in any way in that time period), the bug is clearly not affecting
everyone, or even many people.
I think we should clarify the description of important to note that the bug
has to affect a large group of people to be important severity.
Similarly, I don't think a bug is grave if it makes a package unusable by
just one person in an odd sitution. On the other hand, I think all security
and data loss bugs are grave, even if only a few people can trigger them.
What do other think, and have you seen seeing the same runaway bug severity
inflation I have?
--
see shy jo
