Control: Severity -1 important

Hi,

On 2025/8/16 13:59, Max Nikulin wrote:
> On Mon, 4 Aug 2025 10:27:01 +0800 xiao sheng wen wrote:
>> Control: tags -1 - security
>> Control: Severity -1 wishlist
>
> Xiao Sheng Wen, shouldn't severity be higher for this bug?

Yes!

> I think you set "wishlist" because network dictionaries and scanning X11
> selection are important features for users who need to quickly translate
> words and do it frequently. I agree in general, but privacy should be
> respected as well.

The security team has restored the "security" tag already.

> I would consider setting severity at least to "important". Higher value causes
> package removal from testing, and I do not find it reasonable.
>
> In [1] Vincent wrote that apt-listbugs warns users about issues with severity
> "serious" and above. In my opinion, users should be notified about this bug
> before installing the packages. According to [2] it is possible to set
> "forky-ignore" and maybe "bookworm-ignore" tags to prevent removal of the
> packages from Debian repositories.

Most normal end users don't install apt-listbugs by default.

> If the release team approves adding "ignore" tags, will you agree to raise
> severity to "serious"?

I have uploaded the new version to fix this bug; it is now waiting for the ftp-master team to process NEW,
https://ftp-master.debian.org/new/stardict_3.0.7+git20220909+dfsg-8.html
so adding "ignore" tags is not necessary at present.

> Original severity "critical" likely is not appropriate since the security
> team added: "<no-dsa> (Minor issue)" [3].
>
> I really hope that with cooperation from the upstream developers, it is
> possible to keep all features convenient for users, but to avoid issues
> related to privacy in default configuration.

Stardict is software with a long history; although the upstream developer is not very active, he can still do some minor updates.

> [1] Vincent Lefevre to debian-user.
> Re: Security: Be careful with StarDict!
> Fri, 8 Aug 2025 15:29:17 +0200.
> <https://lists.debian.org/msgid-search/[email protected]>
>
> [2] Tags for bug reports.
> Information regarding the bug processing system
> for package maintainers and bug triagers
> <https://www.debian.org/Bugs/Developer#tags>
>
> [3] <https://security-tracker.debian.org/tracker/CVE-2025-55014>

Thanks!

-- 
肖盛文 xiao sheng wen -- Debian Developer(atzlinux)
Debian QA page: https://qa.debian.org/developer.php?login=atzlinux%40debian.org
GnuPG Public Key: 0x00186602339240CB

