[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug severity and private data disclosure

Vincent Lefevre <vincent@vinc17.net> (10/06/2013):
> I reported a bug involving private data disclosure, more precisely,
> on some network, when printing a file with CUPS 1.6, the file is
> printed on a wrong printer[*]. The bug severity was downgraded to
> important (i.e. non-RC), despite the obvious security problem.

Just in case this isn't obvious: we have tags, and we have severities.
The bug is tagged security, fine; that doesn't imply it has to be RC
in addition.

Since you seem concerned about apt-listbugs, make it support listing
security bugs (optionally with a given severity threshold, so as to
ignore minor or normal bug reports tagged security), and there you go.

[ From a quick look at the changelog, it used to be supported, the
  support broke, and got removed. Fixing/adding it back might make
  sense. ]


Attachment: signature.asc
Description: Digital signature

Reply to: