[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Version numbering for security uploads of native packages

Bas Wijnen wrote:
> On Sun, Mar 16, 2008 at 06:40:25PM +0000, Adam D. Barratt wrote:
>> On Sun, 2008-03-16 at 11:22 -0700, Russ Allbery wrote:
>>> "Adam D. Barratt" <adam@adam-barratt.org.uk> writes:
>>>> On Sun, 2008-03-16 at 09:06 +0100, Bas Wijnen wrote:
>> [...]
>>>>> Good idea.  Even better, IMO, would be to use a system which is in
>>>>> line with non-native packages.  How about this rule:
>>>> [using X.1]
>>>>> IMO this solution is slightly better than +nmu1, because it makes
>>>>> versions of native and non-native packages more uniformly mangled.
>>>>> However, any solution is better than no solution. :-)
>>>> That does seem the most logical suggestion thus far.
>>> I dislike this approach because it makes it impossible for tools like
>>> Lintian to recognize NMUs of native packages and perform other
>>> NMU-specific checks (such as making sure an appropriate changelog entry is
>>> present).  There's no way of knowing whether a native package with a
>>> version number of 1.2.1 is an NMU or not.
>> Indeed. Luk already pointed out on irc that this is the (or at least a)
>> reason .1 wasn't suggested by DevRef.
> Ok, that makes sense.  However, with +nmu1, there still is the problem
> of how to name security uploads.  With +s1, they sort after +nmu1, which
> I think is wrong.
> But we're talking about uploads to stable and testing anyway, so the
> +etch1 and similar version extensions are used.  Do we want to solve the
> bug that they can have incorrect order?  They should at least start with
> +X, where X is >> 'b' and << 'n', if they want to sort correctly with
> respect to binNMUs and source NMUs.

I did not see any comments about Raphael's proposition (that seems better
to me):

Raphael Hertzog wrote:
> On Sun, 16 Mar 2008, Thijs Kinkhorst wrote:
>> There may not be a good solution since MU's, NMU's and security uploads can
>> currently be interleaved in any particular order, so it seems hard to make a
>> scheme that would work reliably.
> It's possible, you just have to put the increment number before the
> "type" of upload:
> - +c0.nmu (non maintainer upload)
> - +c1.sec (security upload)
> - +c2.su (stable update)
> Unfortunately "+0.nmu" sorts before "+b1" so I had to put "+c0.nmu" so
> that binnmu sort lower. And "c" could mean "change" or "external change".

  Best regards,

Vincent Danjean       GPG key ID 0x9D025E87         vdanjean@debian.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A  8A94 0BF7 7867 9D02 5E87
Unofficial pacakges: http://www-id.imag.fr/~danjean/deb.html#package
APT repo:  deb http://perso.debian.org/~vdanjean/debian unstable main

Reply to: