Hi, 在 2025/10/18 06:35, Aaron Rainbolt 写道: > On Fri, 17 Oct 2025 23:27:09 +0100 > Simon McVittie <smcv@debian.org> wrote: > >> On Fri, 17 Oct 2025 at 14:27:32 -0500, Aaron Rainbolt wrote: >>> The Debian Policy manual states in section 2.2.1: >>> >>>> In addition, the packages in main >>>> ... >>>> * must not be so buggy that we refuse to support them... >>> >>> I would argue Stardict is this buggy. >> >> If that's the case, the first place to report it would be a RC bug >> against the stardict package (and if the stardict maintainer >> downgrades the severity of RC bugs in a way that is contrary to >> project consensus, the group that can overrule them is the release >> team or the technical committee). > > This has already happened. See > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110370, which was > filed with severity "critical" and tag "security", and which the > maintainer changed to severity "wishlist" and removed the "security" > tag from. The maintainer later upgraded the severity to "Important", > but still did not leave it release-critical, thus why the vulnerability > still exists in Trixie. About fix this vulnerability in Trixie, Please see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113750 The Debian Release Team will review it before next stable point release. Regards, -- 肖盛文 xiao sheng wen -- Debian Developer(atzlinux) Debian QA page: https://qa.debian.org/developer.php?login=atzlinux%40debian.org Debian salsa: https://salsa.debian.org/atzlinux-guest GnuPG Public Key: 0x00186602339240CB
Attachment:
OpenPGP_0x00186602339240CB.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature