
Re: NEW queue processing causes relaxed treatment of security issues




> On 15 Jan 2026, at 12:20 AM, NoisyCoil <noisycoil@disroot.org> wrote:
> 
> On 1/14/26 19:24, Andreas Metzler wrote:
>> Apart from that the reasoning 1-4 does not make sense to me.
> 
> Oh and to elaborate a bit, since apparently it's actually 2+3 that does not make sense to you: if I could fix the bug immediately I would probably not even care about severity and just fix it. No need to get contentious about every single thing, really. But since I cannot fix the bug in the foreseeable future, and severity serious *needlessly* triggers autoremovals and *needlessly* worsens maintenance burden, I now need to care about severity. The bug is not serious, so I decrease severity of the bug to important.

While you’re right to point out that NEW processing could take time, asking FTP masters on #debian-ftp in the past seems to have
worked for me to expedite processing of my uploads in the past.
I also see other DDs doing so, and there’s at least some amount of success there. I feel the situation wrt
NEW processing is better than it sounds on the bug report.

That being said, I /do/ agree with the downgrading of severity to important (I took a look at the corresponding rustsec as well).
There are tons of (upstream) un-maintained packages in Debian already, which haven’t seen activity for more than
3-4 years (which also includes some of Jonas’ packages).
I don’t see why this package is particularly special to warrant a serious severity bug report.

I am tempted to re-assign the severity to important again (someone changed it meanwhile) but playing ping-pong is
not the best use of my time.

Best,
Nilesh

