Re: What you can do for "Lenny"

To: debian-devel@lists.debian.org
Subject: Re: What you can do for "Lenny"
From: Charles Plessy <plessy@debian.org>
Date: Tue, 7 Oct 2008 09:33:43 +0900
Message-id: <[🔎] 20081007003343.GB27324@kunpuu.plessy.org>
In-reply-to: <20081006164449.GC23237@melusine.alphascorpii.net>
References: <20081006164449.GC23237@melusine.alphascorpii.net>

Le Mon, Oct 06, 2008 at 06:44:49PM +0200, Alexander Reichle-Schmehl a écrit :
> Too many release critical bugs

Hi all,

as one of the maintainer of the packages affected by the mass bug filing
named "The possibility of attack with the help of symlinks in some Debian
packages", I would like to make a comment:

Most of these bugs can only be exploited by a local user, are not
regressions, and do not permit to obtain superuser priviledges. In the
case of my package, the whole process of solving the issue in emergency
consumed a lot of time that could have been saved by adopting a simpler
workflow: report upstream, wait for the fix, and backport if necessary
or possible.

How about downgrading the severity of the bug reports to a level that
reflects the severity of the problem?

Have a nice day,

-- 
Charles Plessy
Debian Med packaging team,
Tsurumi, Kanagawa, Japan

Reply to:

Follow-Ups:
- Re: What you can do for "Lenny"
  - From: Thijs Kinkhorst <thijs@debian.org>

Prev by Date: Re: List of RC-buggy source packages by maintainer/uploader
Next by Date: Re: List of RC-buggy source packages by maintainer/uploader
Previous by thread: Re: What you can do for "Lenny"
Next by thread: Re: What you can do for "Lenny"
Index(es):
- Date
- Thread