What does it mean when the "Urgency" is neither "low", "medium", or "high" on the tracker pages, for example CVE-2007-3073 (iceweasel) and many others in [1]? Does that mean that the urgency has yet to be assigned, or is it unknown? Should I assume that the urgency is "high" until there is further information indicating otherwise?
It is rather confusing to have entries without a specified urgency. The urgency of security issues need to be categorized (otherwise there is no way for the user to determine how concerned he or she should be about a particular issue). Maybe there should be a requirement to always assign an urgency when a security issue is reported? Thanks. [1] http://security-tracker.debian.net/tracker/status/release/unstable -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
