Re: Version numbering for security uploads of native packages

[Steve Langasek <vorlon@debian.org>]

On Sun, Mar 16, 2008 at 11:36:20AM +0100, Thijs Kinkhorst wrote:
> On Sunday 16 March 2008 00:52, Adam D. Barratt wrote:
> > We're aware that the Developers Reference specifies that the latter
> > format should be used, but it is problematic as -0.1 sorts before +b1
> > and, as such, the NMU will not supersede any previous binNMUs of the
> > same package version.

> > Whilst looking at this change, the question arose of what format
> > security uploads of native packages should use, both in general and
> > specifically when debchange's --security option is used.

> There may not be a good solution since MU's, NMU's and security uploads can 
> currently be interleaved in any particular order, so it seems hard to make a 
> scheme that would work reliably.

> Occasionally there are problems with an upload being lower than a binNMU. 
> binNMU's are problematic in this regard as they are often done without 
> maintainer notification, and if you fetch the source package there's also no 
> trace of them, both making it very easy to overlook. That would prompt me 
> that reducing these problems may be sought in finding a better binNMU 
> numbering scheme, one that sorts only just above the last sourceful upload 
> but is very likely to be smaller than any time of new sourceful upload (mu, 
> nmu or security) after it.

The current binNMU numbering scheme was selected explicitly to allow
security uploads to sort later by numbering as
<last_version>+<release><serial>; e.g., 1.2-5.1+etch1.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org