[Reportbug-maint] Bug#372720: Mode experts allows to bypass the reportbug criticity limitations

Sandro Tosi morph at debian.org
Tue Jun 23 13:57:07 UTC 2009 

Hi Simon,
thanks for the prompt reply

On Tue, Jun 23, 2009 at 13:58, Simon Waters<simon at technocool.net> wrote:
> Sandro Tosi wrote:
>>
>> do you find this solution acceptable? Can we then consider this bug
>> closed?
>
> I feel it is unacceptable, but it comes down to Debian policy and procedure
> issues I'm not familiar enough to comment on.

let's see :)

> The point of this mode is to guide users unfamiliar with Debian policy to

if we talk only about "users" they then to exaggerate the level of a
bug because make their system broken without looking at the situation
as a whole distribution.

> make a good bug report, this bug refers to a feature that in some cases they
> will file a bug as Grave, when it should be Critical.

The distintion is so small, and it's coded in the policy

> If Debian procedures ensure Grave bugs are reviewed as promptly as Critical
> bugs, then this bug is unimportant

they are both RC (release critical): Debian release when the count of
RC bugs goes to 0 (or very near to, as decided by release team); so
yes, they are treated both as "urgent" bugs to fix asap.

> (but then why have a Critical level in that case?).

that's the point. it is clarified here [1]:

critical
    makes unrelated software on the system (or the whole system)
break, or causes serious data loss, or introduces a security hole on
systems where you install the package.
grave
    makes the package in question unusable or mostly so, or causes
data loss, or introduces a security hole allowing access to the
accounts of users who use the package.

[1] http://www.debian.org/Bugs/Developer#severities

Now honestly how many users (*not* developers) are able to correctly
identify what severity to choose?

> If not, then this bug might result in Critical issues not being
> dealt with as promptly as they should.

both they are addressed as soon as possible.

> I don't think we can assume people using a mode to assist them with bug
> reporting will use an expert mode or other workaround (email the bug
> system), they may assume that the tool is doing the "right thing".

'expert' mode is here to assist people that can do things possible
with wide impact, so that lower modes have stricter rules.

> I appreciate it is difficult, as there are competing interests in reducing
> spurious reporting of critical bugs, and also of ensuring genuinely critical
> issues are dealt with promptly.

critical and grave are very important bugs, but as per policy they
have different meaning for *the project* not for the *users*.

Let me make an example: if the driver for my video board stops working
upon upgrade, the bug is grave and NEVER critical. Instead, if a
package does "rm -rf /etc/" in this packaging script, then it IS
critical

Cheers,
-- 
Sandro Tosi (aka morph, morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi

More information about the Reportbug-maint mailing list