
Re: Accepted atftp 0.6.2 (i386 source)



On Mon, Jul 07, 2003 at 01:23:57PM -0500, Steve Langasek wrote:
> On Mon, Jul 07, 2003 at 12:48:49PM -0500, Branden Robinson wrote:
> > On Sun, Jul 06, 2003 at 01:47:07PM -0400, Remi Lefebvre wrote:
> > > Changes: 
> > >  atftp (0.6.2) unstable; urgency=low
> > >  .
> > >    * Fixed local and remote buffer overflow (Closes: #196304)
> 
> > In the future, please upload security fixes with urgency=high.
> 
> I'm assuming this is only appropriate if the vulnerability affects
> testing?  Since the main impact of setting the 'urgency' field is
> affecting propagation time into testing, it doesn't seem appropriate to
> give higher priority to a package which only suffered from a
> vulnerability in the unstable version.

I was under the impression that the urgency field was supposed to be
an indicator of how important the upgrade is likely to be to users of
the package, and that the testing propagation was just a handy side-use.


Cheers,


Nick
-- 
Nick Phillips -- nwp@lemon-computing.com
Write yourself a threatening letter and pen a defiant reply.


