Hello Holger,

On Mon, Jul 14, 2025 at 08:46:10AM +0000, Holger Levsen wrote:
> control: severity -1 important
> thanks
> 
> On Mon, Jul 14, 2025 at 09:52:41AM +0200, Uwe Kleine-König wrote:
> > However uscan keeps ../linux-6.16~rc5.tar.xz after that which makes the
> > next uscan run succeed even though the signature check didn't pass:
> 
> that's obviously very bad but it doesnt make the whole devscripts package 
> seriously
> buggy.

I picked serious according to "Most security bugs should also be set at
critical or grave severity." from https://www.debian.org/Bugs/Developer
and so even stayed below that severity. (I intended to tag the bug
"security" and I recall that I had that in my mail text. I have no
explanation about how that didn't make that to the bts. Thanks to
Salvatore to add the tag later for me.)

Not wanting to fight about severities, I wonder if this will be fixed
for trixie. I agree to your statement that this issue is very bad, so a
fix for the upcoming stable release would be good.

Best regards
Uwe

Attachment: signature.asc
Description: PGP signature

Reply via email to