Re: Version numbering for security uploads of native packages

To: debian-devel@lists.debian.org
Subject: Re: Version numbering for security uploads of native packages
From: Russ Allbery <rra@debian.org>
Date: Wed, 19 Mar 2008 11:37:07 -0700
Message-id: <[🔎] 87zlsuftm4.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 20080319112623.GC31286@pcbcn10.phys.rug.nl> (Bas Wijnen's message of "Wed\, 19 Mar 2008 12\:26\:23 +0100")
References: <[🔎] 1205692825.23243.6.camel@kaa.jungle.aubergine.my-net-space.net> <[🔎] 20080317082502.GB9807@pcbcn10.phys.rug.nl> <[🔎] 87r6e9l0rv.fsf@windlord.stanford.edu> <[🔎] 1205625175.15615.16.camel@kaa.jungle.aubergine.my-net-space.net> <[🔎] 20080316080640.GA32208@pcbcn10.phys.rug.nl> <[🔎] 1205668633.15615.41.camel@kaa.jungle.aubergine.my-net-space.net> <[🔎] 87wso2y1ec.fsf@windlord.stanford.edu> <[🔎] 1205692825.23243.6.camel@kaa.jungle.aubergine.my-net-space.net> <[🔎] 20080317082502.GB9807@pcbcn10.phys.rug.nl> <[🔎] 47DE926E.30809@free.fr> <[🔎] 20080319112623.GC31286@pcbcn10.phys.rug.nl>

Bas Wijnen <wijnen@debian.org> writes:

> You can base security uploads on NMUs, so I think you could get
> +s1+nmu1+s1+nmu1, etc.  Or should it go from +s1 to +s1+nmu1 to +s2 to
> +s2+nmu1?

I was assuming the latter.

> I prefer the longer versions in this case.  When a package gets too many
> security and other non-maintainer uploads, it should probably be
> orphaned or co-maintianed anyway (since there's appearantly a lot to do,
> and the maintainer isn't doing it).

We have other ways of tracking that information than the version, though.

> Hmm, the second dot probably has the same meaning then.

This only matters when appended to a Debian revision; for native packages,
it doesn't matter.  So ignore me unless we're talking about using the same
convention for both native and non-native packages.  (Having three periods
in the Debian revision is the old marker of a binNMU and various things
may still trigger off that.)

> So we should go for +deb31[+]_1 or something?  To make it clear again:
>
> +deb is a fixed part which means this is a security upload

Or any other stable upload, yes?  We're not currently distinguishing
between security uploads and maintainer uploads for the etch/sarge/etc.
versions.

> 31 is the current (at time of upload) stable release
> + means this is an upload to testing, skipping it means to stable

You wouldn't need the presence/absence thing of the + if you used a higher
version number for the testing security update.  I'd be inclined to say
that we just always add 1 to the minor version of the last stable version
when making a testing security upload until the actual version number for
the next release has been picked.  So in other words, use +deb40 for etch
and +deb41 for lenny until a version number has been picked, under the
assumption that the choices are 4.1 or 5.0 and either way 41 has the right
version ordering properties.  (Now, of course, people could start using
+deb50 if they wanted to.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Version numbering for security uploads of native packages
  - From: Bas Wijnen <wijnen@debian.org>

References:
- Re: Version numbering for security uploads of native packages
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: Version numbering for security uploads of native packages
  - From: Bas Wijnen <wijnen@debian.org>
- Re: Version numbering for security uploads of native packages
  - From: Russ Allbery <rra@debian.org>
- Version numbering for security uploads of native packages
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: Version numbering for security uploads of native packages
  - From: Bas Wijnen <wijnen@debian.org>
- Re: Version numbering for security uploads of native packages
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: Version numbering for security uploads of native packages
  - From: Russ Allbery <rra@debian.org>
- Re: Version numbering for security uploads of native packages
  - From: Vincent Danjean <vdanjean.ml@free.fr>
- Re: Version numbering for security uploads of native packages
  - From: Bas Wijnen <wijnen@debian.org>

Prev by Date: Re: best package for windows Vista
Next by Date: Re: How to install Suggested (Was: Are all recommended modules equally important?)
Previous by thread: Re: Version numbering for security uploads of native packages
Next by thread: Re: Version numbering for security uploads of native packages
Index(es):
- Date
- Thread