[Pkg-xfce-devel] Bug#517020: Bug#517020: Bug#517020: thunar: potential exploits via application launchers

Michael Gilbert michael.s.gilbert at gmail.com
Sun Mar 1 03:31:01 UTC 2009

On Wed, 25 Feb 2009 09:12:29 +0100 Yves-Alexis Perez wrote:
> No, and you perfectly now that. I'm not sure the severity is “grave”,
> but you purposely put this tag, forbidding any thunar migration in
> squeeze for the ongoing 4.6 release. (wow, this issue must really ease
> release-time job… or not?)

as the package maintainer, you have the right (and responsibility) to
override the reported severity rating if you disagree with the
submitter (although if that's the case, i think that there is a problem
with debian's documentation [1] since it appears to indicate that any
and all security holes are to be reported as grave).

other than that, i think your justification makes sense, and i will not
object if you wish to downgrade the severity to important.

i do not wish to be the cause of blocking your 4.6 transition.

best wishes,

[1] http://www.debian.org/Bugs/Developer

More information about the Pkg-xfce-devel mailing list