[Pkg-javascript-devel] Bug#760385: lowering severity of bugs not tracked by release team
Jonas Smedegaard
dr at jones.dk
Sat Dec 20 10:48:28 UTC 2014
[sent again, cc correct list address this time]
Quoting Michael Gilbert (2014-12-20 11:06:47)
> On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote:
>> On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert wrote:
>>> control: severity -1 important
>>>
>>> There is no security support for libv8 in jessie, so security issues
>>> aren't RC.
>> Could you please add some links to explain that?
>> I was about to fix this issue in an NMU after double-checking the
>> fix.
>
> Severity doesn't say anything about whether or not a bugs can be
> fixed, so you can still do that. Anyway it was decided recently on
> the security team ml.
I find it sensible for the security team to give up on maintaining some
packages - and I find it great to try communicate that to our users by
use of the debian-security-support package.
Just now I learned from above bugreport that the security team also
actively *lower* bugreports to avoid them being treated as release
candidate, for packages not maintained by the security team. That I
find a horrible approach: Severity of a bug is independent on whether it
will be fixed or not. The more proper tag to use is *-ignore, IMO.
Please let us not hide problems!
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20141220/ed493768/attachment.sig>
More information about the Pkg-javascript-devel
mailing list