Hello Toni,
thanks for your report

> as the number of packaged web applications increases, reportbug should
> imho have a category that is designated to be appropriate for cases
> where the problem does not allow compromising a local user or gaining
> root, but where the application would make the host prone to carrying
> out attacks on third party hosts, on behalf of the attacker. As an
> example, installing malware to cause drive-by downloads may be
> mentioned - usually, the host itself might not be otherwise affected by
> the additional files it would serve.
>
> Please consider assigning an appropriate category to this kind of
> problem and offer the user to set the security tag on the affected
> report.

Can you please clarify what is this "category" you're describing? Is it an additional severity (like "critical", "grave", "minor", etc) or a tag (like "ipv6", "lfs", etc)?

From what you describe, I think the right categorization for now is: severity=critical, tags=security - what would be the advantage of introducing a more fine-grained categorization for those issues?

Regards,
-- 
Sandro Tosi (aka morph, morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi