On 06.10.2016 20:10, Adrian Bunk wrote: > On Thu, Oct 06, 2016 at 06:16:37PM +0200, Raphael Hertzog wrote: >> On Thu, 06 Oct 2016, Adrian Bunk wrote: >> ... >>> Do you have any rationale why you think -1~deb7u1 would be better >>> than -0+deb7u1? >> >> My preference goes for the former because it matches the logic of >> backported packages and thus does not introduce a new concept while >> -0+deb7u1 is not something we use in another context. > > -0+deb7u1 is a concept already used in DSAs for exactly this purpose. > > I just found a good example how the versioning you are suggesting could > cause real problems: > > https://lists.debian.org/debian-lts-announce/2016/09/msg00017.html > https://www.debian.org/security/2016/dsa-3666 > > If LTS would switch to your suggested -1~deb7u1, then a wheezy user who > got your LTS package might not get future security fixes like -0+deb8u2 > or -0+deb8u9 after upgrading to jessie. I think what matters is that the upgrade path from one distribution to another works. The actual version number is in fact irrelevant as long as it is greater than the one in Wheezy and smaller than the one in Jessie. For the issue at hand both solutions work. We don't need to find the perfect scheme and should just leave the decision to the uploader. The rest is bikeshedding. Regards, Markus
Attachment:
signature.asc
Description: OpenPGP digital signature