On Mon, 4 Aug 2025 10:27:01 +0800 xiao sheng wen wrote:
Control: tags -1 - security
Control: Severity -1 wishlist

Xiao Sheng Wen, shouldn't severity be higher for this bug?

I think you set "wishlist" because network dictionaries and scanning the X11 selection are important features for users who need to translate words quickly and do it frequently. I agree in general, but privacy should be respected as well. The security team has restored the "security" tag already.

I would consider setting the severity to at least "important". A higher value causes package removal from testing, and I do not find it reasonable.

In [1] Vincent wrote that apt-listbugs warns users about issues with severity "serious" and above. In my opinion, users should be notified about this bug before installing the packages. According to [2] it is possible to set "forky-ignore" and maybe "bookworm-ignore" tags to prevent removal of the packages from Debian repositories.

If the release team approve adding "ignore" tags, will you agree to raise severity to "serious"?

The original severity "critical" is likely not appropriate since the security team added: "<no-dsa> (Minor issue)" [3].

I really hope that, with cooperation from the upstream developers, it is possible to keep all features convenient for users while avoiding privacy-related issues in the default configuration.

[1] Vincent Lefevre to debian-user.
    Re: Security: Be careful with StarDict!
    Fri, 8 Aug 2025 15:29:17 +0200.
<https://lists.debian.org/msgid-search/[email protected]>

[2] Tags for bug reports.
    Information regarding the bug processing system
    for package maintainers and bug triagers
    <https://www.debian.org/Bugs/Developer#tags>

[3] <https://security-tracker.debian.org/tracker/CVE-2025-55014>
