>> From what you describe, I think the right categorization for now is: >> severity=critical, tags=security - what would be the advantage of >> introducing a more fine grained categorization for those issues? > > To me, "critical" seemed to be reserved for root exploits. But the > attacker does not gain root, and may not even be able to alter any data > on the computer, while still using a computer with the vulnerable > software to cause harm to unrelated third parties.
critical description is "makes unrelated software on the system (or the whole system) break, or causes serious data loss, or introduces a security hole on systems where you install the package." and for me what you describe is within "introduces a security hole on systems". Would that make sense for you? Regards, -- Sandro Tosi (aka morph, morpheus, matrixhasu) My website: http://matrixhasu.altervista.org/ Me at Debian: http://wiki.debian.org/SandroTosi -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
