On Tue, 2006-07-11 at 17:02 -0700, Matt Zimmerman wrote:
> > I'm upgrading this bug because checkrestart is currently useless at
> > best, and a security problem at worst. It must be fixed or dropped.
> 
> It is not a security problem, and it doesn't make the package unusable.
> I agree that it should be dropped if it isn't feasible to fix it.

I argue that it should be considered a security problem: it is possible
for users to run it, and not realise that it doesn't work. The users may
therefore not notice that they must restart a process in order to
eliminate their exposure to a vulnerability (that was fixed by upgrading
a library which that process makes use of).

The intent of upgrading the severity to 'serious' was to ensure that
this bug doesn't slip through the cracks before Etch is released. It is
true that it doesn't make the entire package unusable, but then again it
can't, since debian-goodies is a collection of different scripts... I
think the use of the 'serious' severity is still appropriate here.

-- 
Sam Morris
http://robots.org.uk/

PGP key id 5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078


