[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Further changes to the BTS

Hello world,

Four new bug tags:

		This bug describes a security problem in a package (eg,
		bad permissions allowing access to data that shouldn't be
		accessible; buffer overruns allowing people to control
		a system in ways they shouldn't be able to; denial of
		service attacks that should be fixed, etc). Most security
		bugs should also be set at critical or grave severity.

	potato	(replaces "stable") This bug particularly applies to the
		potato release of Debian.
	woody	This bug particularly applies to the (unreleased) woody
	sid	This bug particularly applies to an architecture that is
		currently unreleased (that is, in the sid distribution).

The latter three tags are intended to be used mainly for release critical
bugs, for which it's important to know which distributions are affected
to make sure fixes (or removals) happen in the right place.

A new severity:

	serious (less severe than "grave", more severe than "important")

		is a severe violation of Debian policy (that is, it
		violates a "must" or "required" directive), or, in the
		package maintainer's opinion, makes the package unsuitable
		for release.

Changed definitions of severities:

		a bug which has a major affect on the usability of a package,
		without rendering it completely unusable to everyone.
		the default value, applicable to most bugs.
		a problem which doesn't affect the package's usefulness
		(eg, a grammatical error in a manpage).

Note that the "minor" severity has been around for quite a while, but it's
been fairly undocumented, so it's probably that no one's noticed it.

I expect for woody, that critical, grave and serious bugs will be considered
release critical (that is, they'll generally result in the package being
removed, or ocassionally in the release being delayed while a fix is worked
out); and that, hopefully, the -qa folks will go to some trouble to try
to minimise the number of important bugs before release.

Note that this means a fair few "important" bugs need to have their
severity fixed up (usually to "serious", but also often to "grave" or


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

     ``Thanks to all avid pokers out there''
                       -- linux.conf.au, 17-20 January 2001

Attachment: pgp4kp9B1MIgg.pgp
Description: PGP signature

Reply to: