Message-ID: <20050324091901.GO30645@seventeen>
Date: Thu, 24 Mar 2005 10:19:01 +0100
From: Bill Allombert <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#299007: base-files: Insecure PATH in /root/.profile
On Thu, Mar 24, 2005 at 07:11:18PM +1100, <email address hidden> wrote:
> Dear Debian BTS gurus,
>
> A day or so ago, in connection with another bug (#295435), I discovered
> the existence and use of <email address hidden>. Out of curiosity, I
> tried to set the severity of this bug to critical; to my amazement, this
> worked; but then Manoj Srivastava set the severity back to wishlist.
>
> My question: are the public in general and bug submitters in particular,
> expected or permitted to use <email address hidden>?
Yes, they are. However we expect them to follow the rules.
This bug is now assigned to the debian-policy package.
One of the rules is that policy proposal are wishlist by definition.
See the policy-process document:
/usr/share/doc/debian-policy/policy-process.txt.gz
3.1. Initiating discussions
...
Once the proposer is satisfied that the proposal has merit (with or
without trying the waters on the list), the proposer should file a
_wishlist_ bug against the debian-policy package. This stage can be
initiated by any member of the list.
Definition of severity can be found here:
/usr/share/doc/debian/bug-maint-info.txt
critical
makes unrelated software on the system (or the whole system)
break, or causes serious data loss, or introduces a security
hole on systems where you install the package.
In no way installing the debian-policy package introduce a security
hole, causes serious data loss or makes unrelated software on the system
break.
Message-ID: <20050324091901 .GO30645@ seventeen>
Date: Thu, 24 Mar 2005 10:19:01 +0100
From: Bill Allombert <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#299007: base-files: Insecure PATH in /root/.profile
On Thu, Mar 24, 2005 at 07:11:18PM +1100, <email address hidden> wrote:
> Dear Debian BTS gurus,
>
> A day or so ago, in connection with another bug (#295435), I discovered
> the existence and use of <email address hidden>. Out of curiosity, I
> tried to set the severity of this bug to critical; to my amazement, this
> worked; but then Manoj Srivastava set the severity back to wishlist.
>
> My question: are the public in general and bug submitters in particular,
> expected or permitted to use <email address hidden>?
Yes, they are. However we expect them to follow the rules.
This bug is now assigned to the debian-policy package.
One of the rules is that policy proposal are wishlist by definition. doc/debian- policy/ policy- process. txt.gz
See the policy-process document:
/usr/share/
3.1. Initiating discussions
...
Once the proposer is satisfied that the proposal has merit (with or
without trying the waters on the list), the proposer should file a
_wishlist_ bug against the debian-policy package. This stage can be
initiated by any member of the list.
Definition of severity can be found here: doc/debian/ bug-maint- info.txt
/usr/share/
critical
makes unrelated software on the system (or the whole system)
break, or causes serious data loss, or introduces a security
hole on systems where you install the package.
In no way installing the debian-policy package introduce a security
hole, causes serious data loss or makes unrelated software on the system
break.
Cheers,
--
Bill. <email address hidden>
Imagine a large red swirl here.