> There isn't any real technical factor limiting the number of versions
> to one. Theoretically, there could both jquery1.4 and jquery1.6
> source packages coexisting (as long as the binary files are
> appropriately versioned as well). Thus if wordpress only works with
> 1.4, then it can use that temporarily until it gets updated to support
> 1.6 (or whatever the problem it was that started this discussion).
The difficulty is that if we end up with ten different versions of
vulnerability we need to somehow backport the patch to each of those
And here "we" means the security team, not the people who uploaded the
ten versions in the first place.
So this is rather unpalatable.