Joey Hess <[EMAIL PROTECTED]> wrote: > Herbert Xu wrote: >> >> I disagree. If a package causes a remote root exploit to be available, even >> if it's only in a very specific configuration, I would say that it is >> critical.
> No, it's grave. All security bugs are grave, it's part of the definition of > that priority. And later in my message, I said: Actually, it should be critical if it's a root exploit. Grave only includes those that only comprise the user's account. > Similarly, I don't think a bug is grave if it makes a package unusable by > just one person in an odd sitution. On the other hand, I think all security > and data loss bugs are grave, even if only a few people can trigger them. Sorry for missing that bit. -- Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
