Severity of security holes (was: Should (not) Bug#22941...)
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 29 Jun 1998, Brian White wrote:
> > p.s. Partially related to this: There were a lot of bugs about security
> > holes in /tmp which were also downgraded to normal. Does this mean that
> > security holes are not important anymore?
>
> It's a matter of severity. In most cases, the /tmp holes are small and
> difficult to exploit, as shown by the many years they have been around
> with few problems. Fixes for them are still being allowed into Hamm but
> I won't hold up the release for them because I don't feel they are
> important enough (hence the severity downgrade). I've talked with Ian
> about this and he agrees.
Mmm, well: Will you make a list of them, at least, so that they
are upgraded to "important" again after hamm release?
I dislike your idea of downgrading a bug just "to be able to release
hamm". Would not be better to know which important bugs have to be fixed,
even if they do not delay the release? How will we know then that a fix is
still allowed in hamm if they are not "important"?
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
iQCVAgUBNZf1FyqK7IlOjMLFAQHcjgP7Bu4KV149Ts2ryRIYgHDtvqj8/yosPsmO
YmuytLRuDuHHlmMV3Y07gurDZE8G1wjgDKW38LmALt9gEp3RKEDQLXOj/mpCkiYC
jcxp7a2ode7J8ceb/z5wHW6Gr/bhrwg5k+bvnzgj7cXZU4CIY+ojrmU3VmdJMCQb
vdLetT4PaPQ=
=C1S1
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: