On Tue, 31 Mar 2009 10:22:18 -0400, Michael S. Gilbert wrote: > On Tue, 31 Mar 2009 11:11:51 +0200, Nico Golde wrote: > > > Hi, > > * gilbert-gu...@alioth.debian.org <gilbert-gu...@alioth.debian.org> > > [2009-03-31 10:16]: > > [...] > > > CVE-2009-0590 > > > RESERVED > > > - - openssl <unfixed> > > > + - openssl <unfixed> (medium; bug #522002) > > > > Given that you filed the bug as important I think medium > > does a little sense here. > > agreed. my mistake. thanks for fixing.
here was my original logic: i thought a higher urgency would make sense since ubuntu's fix is already out there, and hence it should be easier/quicker to get a debian fix out too. and as well, it is important to maintain security parity with other distributions (it looks bad that debian often takes longer to put out fixes than other distros). i understand that everyone is working hard, and i don't want to disparage that, but i think we can (and should aim to) do better. _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
