[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages

Quoting Steve Langasek (vorlon@debian.org):

> This is far below the quality I expect from a mass bug filing that's been
> reviewed by debian-devel.  Mass bugfilings at RC severity need to be held to

Even though I overread the thread when Dmitry posted his intent to
-devel, I feel like there was *no* strong agreement that this MBF was
really wished and welcomed.

I should also have added that I personnally strongly object to it for
three reasons:

- timing wrt the release
- timing wrt the "half of the developers are VAC" status we generally
  have in August
- the obvious lack of preparation

It may sound like acting against the "we will not hide problems" item
in the Social Contract, but I wouldn't be shocked if *all* these RC
bugs are downgraded to important (I would even downgrade them to
wishlist, see the example that made Neil react).

If I come on any such bug on packages I maintain or co-maintain, I
will immediately downgrade the bug report in such way, mentally
thanking the bug submitter for the extra work and ranting about yet
another nice method to delay the release.

Attachment: signature.asc
Description: Digital signature

Reply to: