On Thu, Mar 15, 2007 at 10:18:23AM +0100, Vincent Bernat wrote:

> On Thu, 15 Mar 2007 01:22:50 -0700, Steve Langasek <[EMAIL PROTECTED]> wrote:
> > On Thu, Mar 15, 2007 at 08:53:54AM +0100, Vincent Bernat wrote:
> >> I am a bit disappointed by the downgrading of the severity of bug
> >> #413766. I have filed it under critical with justification "breaks
> >> unrelated software". It was downgraded to important without any
> >> justification and the discussion in debian-release did not even
> >> mention this bug.

> > This "breaks unrelated software" only if you have configured that software
> > to look at the contents of this package.  Do you intend to also claim
> > ca-certificates "breaks unrelated software" every time it drops a CA
> > certificate because they determine the certificate authority isn't
> > trustworthy?

> This is not the case here! There is only a renaming.

You didn't answer my question.

> The fix is easy and this bug should stay critical to not slip out of Etch.
> If a function was renamed in libc, would you say that it breaks unrelated
> software only if you have configured that software to use this function?

No, because it wouldn't break any unrelated software; it would only break
*related* software.  That would be treated as a serious bug -- the same as a
bug where libc dropped a function.

And it would be treated such because library functions are something we
guarantee.  Interfaces to particular CA certificates, however, are not
something we as a project guarantee.  I understand that it's an inconvenient
upgrade problem for users who link to this certificate, but that doesn't
make it 'critical'.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

