On Tuesday 5 August 2008 16:23, martin f krafft wrote: > also sprach Thijs Kinkhorst <thijs@debian.org> [2008.08.05.0941 -0300]: > > While it is desirable to implement key expiry, and I hope that the > > APT team will do so, I do have doubts whether this sould be > > critical for the release of Debian Lenny. Can you provide > > a scenario that illustrates the criticality of this issue? > > No, it just casts a rather bad light on the implementation of > signature checking in APT. That could be true, but is subjective. In a similar way my impression of a program with typos in its strings is that it may be sloppily made. Still I don't think such a situation is a critical bug. I propose to put this bug at severity "important" which for me strikes the right balance between being 'very desirable to fix' and not being 'an actual, critical security hole'. OK? Obviously fixing it is the real solution. cheers, Thijs
Attachment:
pgpyHw12eKPBi.pgp
Description: PGP signature