Missing Urgencies in Tracker
What does it mean when the "Urgency" is neither "low", "medium", or
"high" on the tracker pages, for example CVE-2007-3073 (iceweasel) and
many others in [1]? Does that mean that the urgency has yet to be
assigned, or is it unknown? Should I assume that the urgency is
"high" until there is further information indicating otherwise?
It is rather confusing to have entries without a specified urgency.
The urgency of security issues need to be categorized (otherwise there
is no way for the user to determine how concerned he or she should be
about a particular issue).
Maybe there should be a requirement to always assign an urgency when a
security issue is reported?
Thanks.
[1] http://security-tracker.debian.net/tracker/status/release/unstable
Reply to: