Re: [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
Matt Zimmerman <firstname.lastname@example.org> writes:
> On Thu, Jul 22, 2004 at 04:25:30PM +0200, Hilko Bengen wrote:
>> Why has a new Debian version been introduced? Previous security
>> fixes followed a numbering scheme 4.1.2-6woody$i, the last version
>> being 4.1.2-6woody3.
> That scheme is used for non-maintainer uploads. The maintainer
> prepared this package, however, and chose to use 4.1.2-7.
This is the first time I noticed the Debian version being bumped... I
see a potential (general) problem with this: 4.1.2-7 might have
existed in both Woody and Sarge and reflected different states of the
package in each distribution.
I haven't checked whether this has been the case and, given that PHP
has evolved quite a bit since Woody was released, it might not have
mattered much in this particular case. But if Debian manages to
release more often in the future and less-frequently updated packages
are treated like this, we might run into confusion.