Conversation:
Notices
-
vinc17 (vinc17)'s status on Monday, 10-Jun-2013 06:36:49 EDT 
vinc17
Wow! For !Debian, confidentiality related bugs are not security problems! -
odyx (odyx)'s status on Monday, 10-Jun-2013 07:21:20 EDT 
odyx
What bug are you referring to? -
vinc17 (vinc17)'s status on Monday, 10-Jun-2013 07:58:05 EDT
vinc17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711848 - file printed on a wrong printer, accessible by other people. !Debian !CUPS -
odyx (odyx)'s status on Monday, 10-Jun-2013 08:03:09 EDT
odyx
In the case of #711848, "For !Debian, confidentiality related bugs are not security problems!" is factually wrong in 2 aspects. -
odyx (odyx)'s status on Monday, 10-Jun-2013 08:04:04 EDT
odyx
1) it's not !Debian, it's me as maintainer; 2) it's not a confidentiality bug. You're also unneccessarily mixing severity with security. -
vinc17 (vinc17)'s status on Monday, 10-Jun-2013 08:18:49 EDT
vinc17
Confidential/private data can be made accessible to other people due to this bug. And security bugs should have RC severity. !Debian -
vinc17 (vinc17)'s status on Monday, 10-Jun-2013 08:21:50 EDT
vinc17
And you're citing http://www.debian.org/Bugs/Developer.en.html#severities meaning that security bugs can be accepted in !Debian releases. -
odyx (odyx)'s status on Monday, 10-Jun-2013 08:27:52 EDT
odyx
Security bugs are handled by the Security Team which (sometimes) decides to let security bugs in !Debian releases. http://deb.li/zTGE -
odyx (odyx)'s status on Monday, 10-Jun-2013 08:28:58 EDT
odyx
If you disagree with the severity, talk to the Release Team. If you disagree with the definition, talk to the Release Team. -
odyx (odyx)'s status on Monday, 10-Jun-2013 08:29:35 EDT
odyx
Arguing on severities doesn't increase my incentive to work on the bug, much to the contrary. For no benefit. #facepalm
-
All Hacker Poesy content and data are available under the