[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security.d.o packages for etch built on sarge

Hello Karol,

On Thu, Jul 05, 2007 at 11:02:02PM +0200, Karol Lewandowski wrote:
> On Sun, Jul 01, 2007 at 01:30:25PM +0200, Karol Lewandowski wrote:
> > However, blender security update is wrong on both arches.  According to
> > http://packages.debian.org/stable/graphics/blender package version is
> > 2.42a-7, while security archive has 2.37a-1.1etch1.
> > [...]
> Any comments on blender issue?  To state precisely -- why security
> archive has lower package version than release?

2.37a-1.1etch1 has been uploaded by the Debian testing security team[0]
via testing-security to Etch when it was still Testing. This became
necessary when a fixed blender package couldn't quickly migrate the
normal way from Unstable due to build errors. In fact, it took over four
more months before an updated blender package could finally propagate
via the normal way.

When Etch became Stable it included the blender version present in
Testing at that time (2.42a-7), which was/is greater than the version
at s.d.o. As this old version at s.d.o causes no harm (unless some user
applies some weird pinning) my best guess is that simply nobody bothered
to actually remove it.

Flo - speaking solely from a Blender maintainer's POV

[0] http://secure-testing-master.debian.net/DTSA/DTSA-29-1.html

Attachment: signature.asc
Description: Digital signature

Reply to: