> It might make sense to ditch the severity question entirely and ask a > series of y/n questions like: > > Does this bug introduce a security hole? > Has it caused data loss? > Does it break unrelated software (or the whole system)? > Does it make the package unusable? > Do you think other people are likely to be bothered by it? > Should the buggy package be removed from the next release of debian if > it is not fixed? > Do you know of a fix or workaround for the bug (include in report if so)? > Can you reproduce the bug? > Is this just a feature request? I, lowly user, wholeheartedly agree! Until this thread started I didn't even know that the severity definitions are so much about policy, I always tried to evaluate the bug based on the short descriptions at www.debian.org/Bugs/Developer#severities, along the lines of: I installed the package and it ate a filesystem/made the system unbootable/ mailed my password files to who-knows-where... --> critical It trashed its own or connected data/refuses to run (if it's a service)/ makes it possible to gain its privileges to a remote user... --> grave It doesn't work, but nothing much else cares (segfaults), locally exploitable, wrong but not dangerously so documentation. --> important All are, IMVHO, reasons to drop it from a release. Everything else in normal, apart from hallucinations which go to whishlist :) I'd have classified the color-blind bug normal. That doesn't mean it isn't important, after all. So, yes, let's have bug types (additionally)! It is far easier for a user to classify the type of a bug. Even better if you do questions. I think some kind of rating should be possible, where appropriate: type 'security' risk low | risk med | risk high | can't say but type 'policy' violates may | violates should | violates must type 'whishlist' No rating here, just feature requests. Typo reports belong somewhere else... Just my 2c Christian > Of course some of these questions can be skipped based on the answers of > others (I feel there's a dichotomous key hidden in here somewhere). The > point though is that these questions map to the severities we have now, or > provide information the maintainer will want to know. Then the bug tool > could calculate a severity from the answers and include the answers in > the report for good measure. > > -- > see shy jo > > > -- > To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org >
Attachment:
pgp4DWBdKCApd.pgp
Description: PGP signature