severity 449497 serious
thank you

i don't see how this bug can be considered anything less than serious. as i explained in my last message, there are two potential grave problems: security and breakage. and even if neither of these problems exists now, they certainly could arise during lenny's lifetime. in fact, we don't even know if the upstream files are fully trustworthy right now. also, someone could spoof the upstream site. there are a lot of potential problems, which is why software in main should not have external dependencies. again, if these issues can be resolved before the release, then they should -- they should not be ignored.
also, i believe that by reducing the severity, you are covering up the importance of this problem -- and those like it. people in debian really need to put some thought and consideration into the clarity of the current policy on issues like this. you are putting your users at risk and reducing the reliability of the system.

some have argued that this issue shouldn't be considered a problem since the majority of the package is dfsg-free. this is an incorrect interpretation. if any part of a package is non-free, then the whole package should be considered non-free until the offending component is fully removed.

i am increasing the severity one more time to make sure that this bug is given appropriate consideration by the release team. it should be up to them to mark it lenny-ignore, and if that is their decision, i will not object. otherwise, i believe that the only reasonable solution (that can be completed in time for the release) is to remove getweb and add some documentation on getting getweb upstream if the user needs it.

