Antoine and Weston,

You make a very good point about crashes, particularly the security risk.
I'll add that to the scope of the definition.

On Sat, Jan 14, 2023 at 9:54 AM Antoine Pitrou <anto...@python.org> wrote:

>
> A crash on invalid *user* input can easily turn into a security
> vulnerability (if only because it's a possible vector for DoS attacks),
> and so should definitely be considered critical.
>
> What's not critical is a crash when the caller of a C++ API doesn't
> respect the API contract (e.g. passes a null pointer where non-null is
> expected).
>
> Regards
>
> Antoine.
>
>
> On 14/01/2023 at 17:47, Weston Pace wrote:
> > On further thought it seems a little odd to me that crashes are not
> > critical.  However, many of our crashes are from a failure to properly
> > validate user input, which I agree isn't as critical.  Would it be too
> > nuanced to say that:
> >
> >   * A crash, given valid input, is critical
> >   * A crash, given invalid input, is not critical
> >
> >
> >
> > On Sat, Jan 14, 2023, 8:12 AM Antoine Pitrou <anto...@python.org> wrote:
> >
> >>
> >> Hi Will,
> >>
> >> On 14/01/2023 at 17:06, Will Jones wrote:
> >>>>
> >>>> I'm quite skeptical about this. My experience is that many people have a
> >>>> very subjective idea of what is critical or not, and the categorization
> >>>> ends up not very informative.
> >>>
> >>> Antoine, skeptical about the definition of "Critical Fix"? Or something
> >>> else? On "Critical Fix", I tried to make the definition provided not very
> >>> ambiguous, but the PR is open for feedback.
> >>>
> >>> Keep in mind, I am planning on grooming these labels once every release,
> >>> and including them in the generation of the changes notes. So any drift in
> >>> the definition will be corrected before the final list of breaking changes
> >>> and critical fixes are published.
> >>
> >> That clears my concerns then :-)
> >>
> >> However, I think that an additional "Priority: critical" isn't very
> >> useful and will end up confusing people.
> >>
> >> Regards
> >>
> >> Antoine.
> >>
> >
>
