Hi Salvatore, On Donnerstag, 18. September 2014, Salvatore Bonaccorso wrote: > Disclaimer, only gave a quick look. Thanks again for the work :). :-) > I noticed when checking some random packages, that the version > information tough is not correct. I take again the bind9 example for > CVE-2014-0591. yes, I'm aware of this. > I guess this is not directly a problem of the patch, but more what it > uncovers? yes > Without having digged into it: Is the problem that when > backports is now considered as a subrelease, we will have the sorting > of the versions no, it's that the bug tables don't know about backports already... I'll work on a fix shortly... (I use+maintain backports myself, so I'm interested in correct functionality.) > Thus for now (clearly) I'm not sure we really should include > -backports ... yes, though https://security-tracker.debian.org/tracker/status/release/stable-backports https://security-tracker.debian.org/tracker/status/release/oldstable-backports already exist and are broken. It would be trivial to disable/hide them, but I'm really more interested in fixing them. On a related note, I've also reworked the selection logic on those status/release/$RELEASE views and replace those link logic with proper checkboxes (so one can select to only view high or low urgency bugs or whatever) and in future there could be checkboxes for sloopy-backports instead of regular ones, or the inclusion/exclusion of proposed updates. cheers, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.