[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages



On Monday 25 August 2008 07:16, Christian Perrier wrote:
> Quoting Steve Langasek (vorlon@debian.org):
> > This is far below the quality I expect from a mass bug filing that's been
> > reviewed by debian-devel.  Mass bugfilings at RC severity need to be held
> > to
>
> Even though I overread the thread when Dmitry posted his intent to
> -devel, I feel like there was *no* strong agreement that this MBF was
> really wished and welcomed.

Yes, this mass bug filing is of bad quality and should not have happened as 
such. However:

> If I come on any such bug on packages I maintain or co-maintain, I
> will immediately downgrade the bug report in such way, mentally
> thanking the bug submitter for the extra work and ranting about yet
> another nice method to delay the release.

I would like to ask maintainers not to do this. I've quickly checked just a 
number of these bugs and, between the false positives, already found a 
handfull of genuine, true positive issues. Checking where the bug comes from 
usually doesn't take a lot of time, so while I share the annoyance, you are 
already annoyed, so better turn it into something useful by double-checking 
the code rather than downgrading them out of hand.


cheers,
Thijs

Attachment: pgpuO0k1rIYeW.pgp
Description: PGP signature


Reply to: