On Wed, Jan 29, 2020 at 10:26:56PM +0100, Miro HronĨok wrote:
Here is an initial (albeit randomly generated) proposal of X and Y:
severity CRITICAL/HIGH MEDIUM LOW
X 2 4 6
Y 2 4 6
In RHEL, low impact security bugs wouldn't normally be fixed until the
next minor release, which would be 6-12 months after the issue is
reported. I don't think it's valuable to badger packagers about bugs
that have "minimal consequences" to use the terminology from
https://access.redhat.com/security/updates/classification
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages.
http://libguestfs.org