Comment 4 for bug 2028915
Revision history for this message
| Thadeu Lima de Souza Cascardo (cascardo) wrote | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
So, the expectation is that an explanation is always needed when the priority is not medium, not when it diverges from CVSS score? What about when the priority is left as medium, but a CVSS score is HIGH or CRITICAL? Wouldn't an explanation be expected?
I see how not wasting time adding an explanation for a negligible vulnerability would make sense, but since time has been already spent on identifying a given vulnerablity is negligible, the explanation would be the result of that assessment.
Cascardo.