>> From what you describe, I think the right categorization for now is: >> severity=critical, tags=security - what would be the advantage of >> introducing a more fine grained categorization for those issues? > > To me, "critical" seemed to be reserved for root exploits. But the > attacker does not gain root, and may not even be able to alter any data > on the computer, while still using a computer with the vulnerable > software to cause harm to unrelated third parties.
critical description is "makes unrelated software on the system (or the whole system) break, or causes serious data loss, or introduces a security hole on systems where you install the package." and for me what you describe is within "introduces a security hole on systems". Would that make sense for you? Regards, -- Sandro Tosi (aka morph, morpheus, matrixhasu) My website: http://matrixhasu.altervista.org/ Me at Debian: http://wiki.debian.org/SandroTosi _______________________________________________ Reportbug-maint mailing list Reportbug-maint@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reportbug-maint