On 5/23/08, Steffen Joeris wrote:
> If users want to use the tracker to gain information about the vulnerability
> of their system, I would highly recommend that they read the CVE and all
> available information about affected packages, instead of just looking at
> the urgency field :)

I think that the three-tiered (high, medium, low) categorization is extremely useful. Average users can't be expected to spend the time to read or be able to fully understand the CVEs. However, they can easily understand the categories.

I really do think an urgency should always be assigned. Maybe the submitter should initially specify the urgency as, for example, "medium/needs-review" so that others can be made aware that the urgency currently stated is just a guess.

With the urgency left blank, as is currently done, the urgency (borrowing concepts from quantum mechanics) is in a superposition of the high, medium, and low states. Hence, one has to assume the worst-case scenario, which is that all of the blank urgencies are to be considered high urgency (the cat is both dead and alive until you open the box).

Kind Regards.
