Bug#603450: Is 603450 realy release critical?

To: debian-release@lists.debian.org, 603450@bugs.debian.org
Subject: Bug#603450: Is 603450 realy release critical?
From: Carsten Hey <carsten@debian.org>
Date: Wed, 8 Dec 2010 12:00:35 +0100
Message-id: <[🔎] 20101208110035.GA22617@furrball.stateful.de>
Mail-followup-to: Carsten Hey <carsten@debian.org>, debian-release@lists.debian.org, 603450@bugs.debian.org
Reply-to: Carsten Hey <carsten@debian.org>, 603450@bugs.debian.org
In-reply-to: <[🔎] 20101208093723.GA30665@wavehammer.waldi.eu.org>
References: <[🔎] 20101208074530.GB30959@melusine.alphascorpii.net> <[🔎] 20101208093723.GA30665@wavehammer.waldi.eu.org>

* Bastian Blank [2010-12-08 10:37 +0100]:
> On Wed, Dec 08, 2010 at 08:45:30AM +0100, Alexander Reichle-Schmehl wrote:
> > #603450 is a bug (currently with severity grave, Justification: user
> > security hole), as offlineimap does no ssl certificate checking.
>
> Could you explain why it should be acceptable to announce secure
> operation but ignore the very basic principles of it? #564690 is an old
> example of the same problem.

Could you explain how an example of a bug with a severity set by
yourself supports your point, considering that the maintainer of this
package only agreed about the bugs severity because it was a regression?

Carsten

Reply to:

References:
- Bug#603450: Is 603450 realy release critical?
  - From: Alexander Reichle-Schmehl <tolimar@debian.org>
- Bug#603450: Is 603450 realy release critical?
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Bug#603450: Is 603450 realy release critical?
Next by Date: Processing of b43-fwcutter_013-3_amd64.changes
Previous by thread: Bug#603450: Is 603450 realy release critical?
Next by thread: Bug#603450: Is 603450 realy release critical?
Index(es):
- Date
- Thread