Re: problem with version numbering in packages openssl and libssl1.0.0?

[Liam O'Toole <liam.p.otoole@gmail.com>]

On 2016-08-12, Daniel <daniel@zift.no> wrote:
> On Fri, Aug 12, 2016 at 11:24:31AM +0100, Liam O'Toole wrote:
>> On 2016-08-12, Daniel <daniel@zift.no> wrote:
>> > Is there a problem with the version numbering for the packages
>> > "openssl" and "libssl1.0.0"? It seems I get the version from
>> > jessie/main and that the version from jessie/updates/main is
>> > ignored because of the extra letter in the version number.
>> > Isn't 1.0.1k-3+deb8u5 the prefered version here? If so, then
>> > I suspect lots of Debian stable users are stuck on a version
>> > without the latest security patches, which I would consider
>> > very bad.
>> >
>> > Or is it just me being confused or have missed something?
>> >
> --Snip
>> > root:~# apt-cache policy openssl
>> > openssl:
>> >   Installed: 1.0.1t-1+deb8u2
>> >   Candidate: 1.0.1t-1+deb8u2
>> >   Version table:
>> >  *** 1.0.1t-1+deb8u2 0
>> >         500 http://ftp.no.debian.org/debian/ jessie/main amd64 Packages
>> >         100 /var/lib/dpkg/status
>> >      1.0.1k-3+deb8u5 0
>> >         500 http://security.debian.org/ jessie/updates/main amd64 Packages
>> > root:~#
>> >
>> > ---Paste ends
>> 
>> Note the letters 't' and 'k' in the version strings. Alpha-numeric
>> sorting makes 1.0.1t-1+deb8u2 the preferred version.
>> 
> I know. I just wondered if that was the intention. I would think that
> the one in jessie/updates/main is usually prefered over the ones from
> jessie/main

Ah, I misunderstood your question. Version 1.0.1t came with the last
point release[1]; in that way the version in jessie/main leapfrogged
that in jessie/updates/main.

1: https://www.debian.org/News/2016/20160604

-- 

Liam