Hello world, Four new bug tags: security This bug describes a security problem in a package (eg, bad permissions allowing access to data that shouldn't be accessible; buffer overruns allowing people to control a system in ways they shouldn't be able to; denial of service attacks that should be fixed, etc). Most security bugs should also be set at critical or grave severity. potato (replaces "stable") This bug particularly applies to the potato release of Debian. woody This bug particularly applies to the (unreleased) woody distribution. sid This bug particularly applies to an architecture that is currently unreleased (that is, in the sid distribution). The latter three tags are intended to be used mainly for release critical bugs, for which it's important to know which distributions are affected to make sure fixes (or removals) happen in the right place. A new severity: serious (less severe than "grave", more severe than "important") is a severe violation of Debian policy (that is, it violates a "must" or "required" directive), or, in the package maintainer's opinion, makes the package unsuitable for release. Changed definitions of severities: important a bug which has a major affect on the usability of a package, without rendering it completely unusable to everyone. normal the default value, applicable to most bugs. minor a problem which doesn't affect the package's usefulness (eg, a grammatical error in a manpage). Note that the "minor" severity has been around for quite a while, but it's been fairly undocumented, so it's probably that no one's noticed it. I expect for woody, that critical, grave and serious bugs will be considered release critical (that is, they'll generally result in the package being removed, or ocassionally in the release being delayed while a fix is worked out); and that, hopefully, the -qa folks will go to some trouble to try to minimise the number of important bugs before release. Note that this means a fair few "important" bugs need to have their severity fixed up (usually to "serious", but also often to "grave" or "critical")... Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. ``Thanks to all avid pokers out there'' -- linux.conf.au, 17-20 January 2001
Attachment:
pgp4kp9B1MIgg.pgp
Description: PGP signature