On Sat, May 17 2014, Russ Allbery wrote:
> Over the years, I've seen endless confusion about the current definition
> of a critical bug severity:
>
>     makes unrelated software on the system (or the whole system) break, or
>     causes serious data loss, or introduces a security hole on systems
>     where you install the package.
>
> The confusion seems to always be around the "unrelated software" part of
> that definition. The intended meaning is completely unrelated software on
> the system, indicating a package that's mangling the system in some
> fundamental way, but I've frequently seen people believe, sincerely, that
> reverse dependencies, Perl programs that use a buggy module, or X programs
> on a system with a buggy video driver qualify as unrelated software.
> This makes me think that part of the bug definition is adding more
> confusion than clarity. Should we just drop it?
Could this explanation instead be added as an informative
footnote? Packages that declare a direct or indirect dependency are
not unrelated?
> makes the entire system unusable, or causes serious data loss, or
> introduces a security hole on systems where you install the package
There is a gap, I think, between the previous meaning and this
statement. If you upload a change to a java-xsml-parser library, and
it breaks make, that does not cause the whole system to be unusable, or
data loss, or a security hole.
Under the old reading, this is a critical bug, but not under the
new reading. In my opinion, it remains a critical bug, to break totally
unrelated software.
manoj
--
"Rembrandt's first name was Beauregard, which is why he never used it."
Dave Barry
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>
4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C