Thijs Kinkhorst wrote:
> I'm specifically concerned about this statement of yours:
>
>>> Justification: introduces a security hole on systems where you install
>>> the packages
>
> That definitely does not hold, but it may give the impression to users that
> all systems running Postfix are vulnerable, which is very far from reality.
> I'm not quite concerned about which exact severity level a given bug has,
> since that's quite abstract, but I am advocating to be careful with factual
> statements about the impact of the vulnerability as you did above.

Ah thank you. I had borrowed the words from the possible justifications of
"critical" at http://release.debian.org/etch/rc_policy.txt and meant this only
as distinction from grave being "introduces a security hole allowing access to
the accounts of users who use the package" which applies much less. I know that
most postfix users were not affected. So it would have been better to leave
that line away, or to add a limitation like "under certain circumstances".

cheers
-- 
Kevin Price
http://www.kevin-price.de/