[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please look at bug #279965

severity 279965 serious
tags 279965 sarge-ignore

Hi Paul,

On Tue, May 24, 2005 at 10:24:05PM +0100, Paul Martin wrote:
> I've been persuaded that this is an RC bug in logrotate (it changes 
> behaviour from what woody did and can potentially cause data loss to 
> happen if a script doesn't run).

> I've bumped its severity to "grave". There are three possible fixes:

This bug does not fit the definition of "grave"; it is not a security hole,
cause data loss, or make the package unusable or mostly so.

If you believe this bug is RC, then it falls under the definition of
"serious" (in the maintainer's opinion, makes the package unsuitable for

As logrotate is not the only package that requires exec perms on /tmp, and
we have also never committed to noexec /tmp being a supported configuration
(the security benefits are trivial, and are just one miniscule step up in
the arms race between worm writers and system admins), I think it's far too
late to treat this as release-critical for sarge.  Hence, I'm tagging it

If you should happen to upload a suitable fix in the remaining time before
release, I'll be happy to consider letting it into sarge, but I don't
believe this is a bug that should delay the release.

If not, you're welcome to submit a patch to debian-doc for inclusion in the
release notes.

Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to: