Re: Accepted atftp 0.6.2 (i386 source)
On Mon, Jul 07, 2003 at 01:23:57PM -0500, Steve Langasek wrote:
> On Mon, Jul 07, 2003 at 12:48:49PM -0500, Branden Robinson wrote:
> > On Sun, Jul 06, 2003 at 01:47:07PM -0400, Remi Lefebvre wrote:
> > > Changes:
> > > atftp (0.6.2) unstable; urgency=low
> > > .
> > > * Fixed local and remote buffer overflow (Closes: #196304)
>
> > In the future, please upload security fixes with urgency=high.
>
> I'm assuming this is only appropriate if the vulnerability affects
> testing? Since the main impact of setting the 'urgency' field is
> affecting propagation time into testing, it doesn't seem appropriate to
> give higher priority to a package which only suffered from a
> vulnerability in the unstable version.

I was under the impression that the urgency field was supposed to be an
indicator of how important the upgrade is likely to be to users of the
package, and that the testing propagation was just a handy side-use.

Cheers,

Nick
--
Nick Phillips -- [EMAIL PROTECTED]
Write yourself a threatening letter and pen a defiant reply.
Re: Accepted atftp 0.6.2 (i386 source)
On Mon, Jul 07, 2003 at 01:23:57PM -0500, Steve Langasek wrote:
> On Mon, Jul 07, 2003 at 12:48:49PM -0500, Branden Robinson wrote:
> > In the future, please upload security fixes with urgency=high.
>
> I'm assuming this is only appropriate if the vulnerability affects
> testing? Since the main impact of setting the 'urgency' field is
> affecting propagation time into testing, it doesn't seem appropriate to
> give higher priority to a package which only suffered from a
> vulnerability in the unstable version.

The other effect is that the changelog entries are sorted to the top in
apt-listchanges.

(and no, if the vulnerability doesn't affect testing or stable, this
isn't particularly important)

--
 - mdz
Re: Accepted atftp 0.6.2 (i386 source)
On Mon, Jul 07, 2003 at 12:48:49PM -0500, Branden Robinson wrote:
> On Sun, Jul 06, 2003 at 01:47:07PM -0400, Remi Lefebvre wrote:
> > Changes:
> > atftp (0.6.2) unstable; urgency=low
> > .
> > * Fixed local and remote buffer overflow (Closes: #196304)

> In the future, please upload security fixes with urgency=high.

I'm assuming this is only appropriate if the vulnerability affects
testing? Since the main impact of setting the 'urgency' field is
affecting propagation time into testing, it doesn't seem appropriate to
give higher priority to a package which only suffered from a
vulnerability in the unstable version.

--
Steve Langasek
postmodern programmer
Re: Accepted atftp 0.6.2 (i386 source)
On Sun, Jul 06, 2003 at 01:47:07PM -0400, Remi Lefebvre wrote:
> Changes:
> atftp (0.6.2) unstable; urgency=low
> .
> * Fixed local and remote buffer overflow (Closes: #196304)

In the future, please upload security fixes with urgency=high.

--
G. Branden Robinson                |    What influenced me to atheism was
Debian GNU/Linux                   |    reading the Bible cover to cover.
[EMAIL PROTECTED]                  |    Twice.
http://people.debian.org/~branden/ |    -- J. Michael Straczynski