
Re: a question about BTS severities



Herbert Xu wrote:
> Joey Hess <joey@kitenet.net> wrote:
> > Herbert Xu wrote:
> >> 
> >> I disagree.  If a package causes a remote root exploit to be available, even
> >> if it's only in a very specific configuration, I would say that it is critical.
> 
> > No, it's grave. All security bugs are grave, it's part of the definition of
> > that priority. And later in my message, I said:
> 
> Actually, it should be critical if it's a root exploit.  Grave only includes
> those that only compromise the user's account.

Last I checked, root is a user. This is not a formal definition we're
working from, please use common sense. (Note: grave is a _higher_ priority
than critical. Note also: root exploits tend to turn into user account
exploits as soon as the attacker wants them to.)

-- 
see shy jo

