I reported a bug involving private data disclosure, more precisely, on some network, when printing a file with CUPS 1.6, the file is printed on a wrong printer[*]. The bug severity was downgraded to important (i.e. non-RC), despite the obvious security problem. The given reason was that this kind of security problem is not mentioned on:
http://www.debian.org/Bugs/Developer.en.html#severities If Debian really minds about some forms of security bugs such as private data disclosure, something should be done... Perhaps replace allowing access to the accounts of users who use the package by allowing access to private data of users who use the package (BTW, logging passwords in general log files would fall in the same class of security bugs.) [*] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711848 -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130610111552.ga17...@ypig.lip.ens-lyon.fr