
Re: NEW queue processing causes relaxed treatment of security issues



On 2026-01-14 NoisyCoil <noisycoil@debian.org> wrote:
[...]
> Not "direct", no. "Unmaintained since 2023" is not a serious bug IMHO,
> regardless of whether it has a "RUSTSEC" label stuck on it. So given that

> 1. severity serious would "needlessly trigger removals" (emphasis on
> needlessly), as clearly stated in my answer to the bug report

> 2. fixing the bug requires a NEW package and the NEW queue seems to be
> currently stuck because of the ftpmasters' uncertainty, so there's not much I
> can do to fix the bug soon, regardless of severity

> 3. keeping serious severity means I would have to periodically remember to
> answer the bug to avoid the autoremovals, without being actually able to act
> on the bug

> 4. the bug still merits increased attention

> I think downgrading to important is the right thing to do. Plus I added the
> affected package so we can keep track of that too.
[...]

Hello,

I cannot judge whether the bug *is* serious.

Apart from that, the reasoning 1-4 does not make sense to me. *If* the
bug is serious and cannot be fixed right now the correct thing to do is
not to ping the bug to prevent autoremovals but let the autoremoval
happen to avoid having packages in testing that are not releasable.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

