Herbert Xu wrote:
> Joey Hess <[EMAIL PROTECTED]> wrote:
> > Herbert Xu wrote:
> >>
> >> I disagree. If a package causes a remote root exploit to be available, even
> >> if it's only in a very specific configuration, I would say that it is
> >> critical.
>
> > No, it's grave. All security bugs are grave, it's part of the definition of
> > that priority. And later in my message, I said:
>
> Actually, it should be critical if it's a root exploit. Grave only includes
> those that only comprise the user's account.

Last I checked, root is a user. This is not a formal definition we're working from, please use common sense.

(Note: grave is a _higher_ priority than critical. Note also: root exploits tend to turn into user account exploits as soon as the attacker wants them to.)

--
see shy jo