OoO At the end of this sleepless night of Sunday, March 09, 2008, around 05:49,
Florian Weimer <[EMAIL PROTECTED]> said:
>> I think that this "inferiority" should be changed to equality in terms
>> of security. I suppose that __cmp__() in Version class could return 0
>> when all the following conditions are met:
>> - upstream versions are equal
>> - debian versions of the package without r'~.*$' pattern are equal
>> Otherwise, we just return the VersionCompare() result.
> This doesn't work because "~" isn't really that special. It's used by
> maintainers as well, not just backports and testing-security.
> Sorry, but the fix is more complex, and I'm not 100% sure what it would
> look like. It probably has to happen on the server side anyway.

Well, I have another idea. We could add an option that will normalize
package versions by stripping some data. For example, debsecan could be
invoked with --normalize='~bpo.\d+' to support backports. Or we could
use --normalize='(~bpo|+custom).\d+' to support both backports and
custom packages.

I'll send you a patch implementing this.

--
Don't sacrifice clarity for small gains in "efficiency".
- The Elements of Programming Style (Kernighan & Plauger)
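
The normalization idea discussed in this message, as an added example that is not debsecan's code or the promised patch: a self-contained dpkg-style version comparison with an optional strip pattern applied to the installed version. The helper names (version_compare, is_vulnerable) and the sample versions are assumptions constructed for illustration.

```python
import re

def _order(c):
    # dpkg order of a non-digit character: '~' sorts before everything,
    # even end of string (0); letters sort before other symbols.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare two version parts as alternating non-digit / digit runs.
    ta, tb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for k in range(max(len(ta), len(tb))):
        (sa, da), (sb, db) = (t[k] if k < len(t) else ("", "") for t in (ta, tb))
        for i in range(max(len(sa), len(sb))):
            x = _order(sa[i]) if i < len(sa) else 0
            y = _order(sb[i]) if i < len(sb) else 0
            if x != y:
                return -1 if x < y else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def version_compare(a, b):
    # Split [epoch:]upstream[-revision] and compare the three parts in order.
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        return (epoch, upstream, rev) if sep else (epoch, rest, "")
    for x, y in zip(split(a), split(b)):
        r = _cmp_part(x, y)
        if r:
            return r
    return 0

def is_vulnerable(installed, fixed, normalize=None):
    # normalize: regex removed from the installed version before comparing
    # (stands in for the proposed --normalize value; hypothetical helper).
    if normalize:
        installed = re.sub(normalize, "", installed)
    return version_compare(installed, fixed) < 0

if __name__ == "__main__":
    fixed = "1.2-3"  # constructed sample versions
    for inst in ("1.2-3~bpo.1", "1.2-2~bpo.1", "1.2-3~rc1"):
        print(inst, is_vulnerable(inst, fixed), is_vulnerable(inst, fixed, r"~bpo.\d+"))
```

A maintainer-chosen suffix such as ~rc1 is left alone by the ~bpo pattern and still sorts below the fixed version. With Python's re module, the + in the second pattern from the message has to be written \+custom to be taken literally.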