Message-ID: <email address hidden>
Date: Thu, 29 Jul 2004 02:22:55 +0100
From: Colin Watson <email address hidden>
To: <email address hidden>, <email address hidden>
Cc: Frederik Dannemare <email address hidden>
Subject: not release-critical
severity 261906 normal
thanks
This bug isn't covered by the list of issues meriting a serious bug in http://release.debian.org/sarge_rc_policy.txt. I don't really buy it
being a security bug either; while it may introduce some small
additional exposure, it doesn't "introduce a security hole on systems
where you install the package", and if that were true then the
vulnerability in inetd should simply be fixed. In general design issues
like this don't merit serious bugs unless the maintainer says so.
I'm therefore setting the severity back to its previous value of normal.
Sorry.
Message-ID: <email address hidden>
Date: Thu, 29 Jul 2004 02:22:55 +0100
From: Colin Watson <email address hidden>
To: <email address hidden>, <email address hidden>
Cc: Frederik Dannemare <email address hidden>
Subject: not release-critical
severity 261906 normal
thanks
This bug isn't covered by the list of issues meriting a serious bug in release. debian. org/sarge_ rc_policy. txt. I don't really buy it
http://
being a security bug either; while it may introduce some small
additional exposure, it doesn't "introduce a security hole on systems
where you install the package", and if that were true then the
vulnerability in inetd should simply be fixed. In general design issues
like this don't merit serious bugs unless the maintainer says so.
I'm therefore setting the severity back to its previous value of normal.
Sorry.
Cheers,
--
Colin Watson [<email address hidden>]