
Re: On Bugs



> It might make sense to ditch the severity question entirely and ask a
> series of y/n questions like:
> 
> Does this bug introduce a security hole?
> Has it caused data loss?
> Does it break unrelated software (or the whole system)?
> Does it make the package unusable?
> Do you think other people are likely to be bothered by it?
> Should the buggy package be removed from the next release of Debian if
>   it is not fixed?
> Do you know of a fix or workaround for the bug (include in report if so)?
> Can you reproduce the bug?
> Is this just a feature request?

I, lowly user, wholeheartedly agree!

Until this thread started I didn't even know that the severity definitions
are so much about policy; I always tried to evaluate the bug based on
the short descriptions at www.debian.org/Bugs/Developer#severities, along the
lines of:

I installed the package and it ate a filesystem/made the system unbootable/
mailed my password files to who-knows-where...  --> critical

It trashed its own or connected data/refuses to run (if it's a service)/
makes it possible to gain its privileges to a remote user... --> grave

It doesn't work, but nothing much else cares (segfaults), locally exploitable,
wrong but not dangerously so documentation. --> important
All are, IMVHO, reasons to drop it from a release.

Everything else is normal, apart from hallucinations which go to wishlist :)

I'd have classified the color-blind bug normal. That doesn't mean it isn't
important, after all.

So, yes, let's have bug types (additionally)! It is far easier for a user to
classify the type of a bug. Even better if you do questions.

I think some kind of rating should be possible, where appropriate:

type 'security'
	risk low | risk med | risk high | can't say

but

type 'policy'
	violates may | violates should | violates must

type 'wishlist'

No rating here, just feature requests. Typo reports belong somewhere
else...

Just my 2c

Christian


> Of course some of these questions can be skipped based on the answers of
> others (I feel there's a dichotomous key hidden in here somewhere). The
> point though is that these questions map to the severities we have now, or 
> provide information the maintainer will want to know. Then the bug tool
> could calculate a severity from the answers and include the answers in
> the report for good measure.
> 
> -- 
> see shy jo





