[Secure-testing-team] Some notes on data commits

Florian Weimer fw at deneb.enyo.de
Sat Jan 13 18:41:11 CET 2007


* Moritz Muehlenhoff:

> - Severity ratings have been repeatedly picked up by news sites
>   taking it as an official position of the Debian project and
>   indirectly the Security Team. This means that severity ratings
>   should only be added with great care. Not every issue needs
>   a severity rating; if in doubt, leave it out or mark it unknown.

I doubt the severity ratings in the tracker are used by news
organisations (perhaps with the exception of LWN), given that it's
virtually unknown.

But we should assign the severities such that "high" means "we must
work on this ASAP", and "medium" something like "we should really try
to fix this".  It doesn't make sense if most open security bugs are
flagged as "high" because it defeats the purpose of multiple severity
levels.
