Bug#264985: checkrestart must be fixed or dropped
severity 264985 serious thanks I'm upgrading this bug because checkrestart is currently useless at best, and a security problem at worst. It must be fixed or dropped. -- Sam Morris http://robots.org.uk/ PGP key id 5EA01078 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#264985: checkrestart must be fixed or dropped
On Tue, 2006-07-11 at 17:02 -0700, Matt Zimmerman wrote: I'm upgrading this bug because checkrestart is currently useless at best, and a security problem at worst. It must be fixed or dropped. It is not a security problem, and it doesn't make the package unusable. I agree that it should be dropped if it isn't feasible to fix it. I argue that it should be considered a security problem: it is possible for users to run it, and not realise that it doesn't work. The users may therefore not notice that they must restart a process in order to eliminate their exposure to a vulnerability (that was fixed by upgrading a library which that process makes use of). The intent of upgrading the severity to 'serious' was to ensure that this bug doesn't slip through the cracks before Etch is released. It is true that it doesn't make the entire package unusable, but then again it can't, since debian-goodies is a collection of different scripts... I think the use of the 'serious' severity is still appropriate here. -- Sam Morris http://robots.org.uk/ PGP key id 5EA01078 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#264985: checkrestart must be fixed or dropped
severity 264985 important thanks On Wed, Jul 12, 2006 at 12:38:26AM +0100, Sam Morris wrote: severity 264985 serious thanks I'm upgrading this bug because checkrestart is currently useless at best, and a security problem at worst. It must be fixed or dropped. It is not a security problem, and it doesn't make the package unusable. I agree that it should be dropped if it isn't feasible to fix it. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#264985: checkrestart must be fixed or dropped
On Wed, Jul 12, 2006 at 01:10:49AM +0100, Sam Morris wrote: On Tue, 2006-07-11 at 17:02 -0700, Matt Zimmerman wrote: I'm upgrading this bug because checkrestart is currently useless at best, and a security problem at worst. It must be fixed or dropped. It is not a security problem, and it doesn't make the package unusable. I agree that it should be dropped if it isn't feasible to fix it. I argue that it should be considered a security problem: it is possible for users to run it, and not realise that it doesn't work. The users may therefore not notice that they must restart a process in order to eliminate their exposure to a vulnerability (that was fixed by upgrading a library which that process makes use of). This is a very tenuous argument; by this criteria, practically any functionality bug could be considered a security problem (the fonts in my web browser are too small, therefore I can't read security advisories). -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]