Bug#542288: debian-policy: Version numbering: native packages, NMU's, and binary only uploads

To: Lucas Nussbaum <lucas@lucas-nussbaum.net>, 542288@bugs.debian.org
Cc: Manoj Srivastava <srivasta@acm.org>, Steve Langasek <vorlon@debian.org>
Subject: Bug#542288: debian-policy: Version numbering: native packages, NMU's, and binary only uploads
From: Julien Cristau <jcristau@debian.org>
Date: Tue, 1 Sep 2009 11:39:40 +0200
Message-id: <[🔎] 20090901093940.GC4345@patate.is-a-geek.org>
Reply-to: Julien Cristau <jcristau@debian.org>, 542288@bugs.debian.org
In-reply-to: <20090830213817.GA5510@xanadu.blop.info>
References: <877hx0nb7b.fsf@anzu.internal.golden-gryphon.com> <20090818203909.GF9480@rzlab.ucr.edu> <87ljlglsq6.fsf@anzu.internal.golden-gryphon.com> <20090827033217.GC15373@dario.dodds.net> <87zl9l7ube.fsf@anzu.internal.golden-gryphon.com> <20090830213817.GA5510@xanadu.blop.info>

On Sun, Aug 30, 2009 at 23:38:17 +0200, Lucas Nussbaum wrote:

> That's unfortunate. Imagine the following scenario:
> 1. Package P is released in sarge, with version 1.0-1.
> 2. Package P is installed on a system S, running sarge.
> 3. etch is released with P 1.0-1.
> 4. A security bug is found in P.

Does this actually happen?  How often?

Cheers,
Julien

Reply to:

Follow-Ups:
- Bug#542288: debian-policy: Version numbering: native packages, NMU's, and binary only uploads
  - From: Steve Langasek <vorlon@debian.org>

Next by Date: Re: Bug#541703: base-files: Please include FreeBSD license
Next by thread: Bug#542288: debian-policy: Version numbering: native packages, NMU's, and binary only uploads
Index(es):
- Date
- Thread