severity 279965 serious tags 279965 sarge-ignore thanks Hi Paul, On Tue, May 24, 2005 at 10:24:05PM +0100, Paul Martin wrote: > I've been persuaded that this is an RC bug in logrotate (it changes > behaviour from what woody did and can potentially cause data loss to > happen if a script doesn't run). > I've bumped its severity to "grave". There are three possible fixes: This bug does not fit the definition of "grave"; it is not a security hole, cause data loss, or make the package unusable or mostly so. If you believe this bug is RC, then it falls under the definition of "serious" (in the maintainer's opinion, makes the package unsuitable for release). As logrotate is not the only package that requires exec perms on /tmp, and we have also never committed to noexec /tmp being a supported configuration (the security benefits are trivial, and are just one miniscule step up in the arms race between worm writers and system admins), I think it's far too late to treat this as release-critical for sarge. Hence, I'm tagging it sarge-ignore. If you should happen to upload a suitable fix in the remaining time before release, I'll be happy to consider letting it into sarge, but I don't believe this is a bug that should delay the release. If not, you're welcome to submit a patch to debian-doc for inclusion in the release notes. Thanks, -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature