[Pkg-javascript-devel] Bug#760385: lowering severity of bugs not tracked by release team

Jonas Smedegaard dr at jones.dk
Sat Dec 20 10:48:28 UTC 2014


[sent again, cc correct list address this time]

Quoting Michael Gilbert (2014-12-20 11:06:47)
> On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote:
>> On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert wrote:
>>> control: severity -1 important
>>>
>>> There is no security support for libv8 in jessie, so security issues 
>>> aren't RC.
>> Could you please add some links to explain that?
>> I was about to fix this issue in an NMU after double-checking the 
>> fix.
>
> Severity doesn't say anything about whether or not a bugs can be 
> fixed, so you can still do that.  Anyway it was decided recently on 
> the security team ml.

I find it sensible for the security team to give up on maintaining some 
packages - and I find it great to try communicate that to our users by 
use of the debian-security-support package.

Just now I learned from above bugreport that the security team also 
actively *lower* bugreports to avoid them being treated as release 
candidate, for packages not maintained by the security team.  That I 
find a horrible approach: Severity of a bug is independent on whether it 
will be fixed or not.  The more proper tag to use is *-ignore, IMO.

Please let us not hide problems!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20141220/ed493768/attachment.sig>


More information about the Pkg-javascript-devel mailing list