Missing Urgencies in Tracker

To: debian-security-tracker@lists.debian.org
Subject: Missing Urgencies in Tracker
From: "Michael Gilbert" <michael.s.gilbert@gmail.com>
Date: Thu, 22 May 2008 23:37:12 -0400
Message-id: <[🔎] 8e2a98be0805222037g2158b672oaa4492dc6c90e308@mail.gmail.com>

What does it mean when the "Urgency" is neither "low", "medium", or
"high" on the tracker pages, for example CVE-2007-3073 (iceweasel) and
many others in [1]?  Does that mean that the urgency has yet to be
assigned, or is it unknown?  Should I assume that the urgency is
"high" until there is further information indicating otherwise?

It is rather confusing to have entries without a specified urgency.
The urgency of security issues need to be categorized (otherwise there
is no way for the user to determine how concerned he or she should be
about a particular issue).

Maybe there should be a requirement to always assign an urgency when a
security issue is reported?

Thanks.

[1] http://security-tracker.debian.net/tracker/status/release/unstable

Reply to:

Follow-Ups:
- Re: Missing Urgencies in Tracker
  - From: Steffen Joeris <steffen.joeris@skolelinux.de>

Prev by Date: Re: DTSA-131-1 ?
Next by Date: Re: Missing Urgencies in Tracker
Previous by thread: Re: DTSA-131-1 ?
Next by thread: Re: Missing Urgencies in Tracker
Index(es):
- Date
- Thread