
Re: a question about BTS severities



Joey Hess <joey@kitenet.net> wrote:
> Herbert Xu wrote:
>> 
>> I disagree.  If a package causes a remote root exploit to be available, even
>> if it's only in a very specific configuration, I would say that it is critical.

> No, it's grave. All security bugs are grave, it's part of the definition of
> that priority. And later in my message, I said:

Actually, it should be critical if it's a root exploit.  Grave only includes
those that only compromise the user's account.

>   Similarly, I don't think a bug is grave if it makes a package unusable by 
>   just one person in an odd situation. On the other hand, I think all security 
>   and data loss bugs are grave, even if only a few people can trigger them. 

Sorry for missing that bit.
-- 
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email:  Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

