On disttags (was: Choosing rpm-release for fc1 and fdr add-on rpms)

[Axel Thimm]

On Tue, May 18, 2004 at 04:44:48PM -0300, Alexandre Oliva wrote:
> On May 18, 2004, Rex Dieter <rdieter at math.unl.edu> wrote:
> 
> > Yes, exactly.  In the case where that is not true, dist_tags are 
> > harmless, so this shouldn't be used as an argument against using them.
>  
> Not *totally* harmless.
> 
> Wasn't there a problem in the way old versions of rpm compared say 
> -1.foo with -1.1.foo?

Yes, so avoid comparing numbers and letters. OTOH it affects rpms
Versions up to RH8.0 w/o errata upgrades. So probably one can consider
this a corner case.

> If you use disttags, and you have to patch a package such that the
> R number goes in between two R numbers that are already out,

Why would you do that? Say you have foo-1.2.3-4 and foo-1.2.3-5 and
the fix comes out, you suggest foo-1.2.3-4.1 and
foo-1.2.3-5.1. Wouldn't that make foo-1.2.3-5, one of the versions
with the security vulnerability overwrite the fixed version from
foo-1.2.3-4.1?

E.g. I have a secury FC3 and use an (outdated) FC4 installation medium
to upgrade my system. Until I fire up the updater postinstallation my
box is vulnerable.

So it is better to reach for higher bumbs in these cases.

There is nothing you can do, if the upstream version differs (other
that doing the wrong thing, bumping epochs).

> and you can't just append the build number at the end for the
> reasons Axel already exposed, and you can't add `.number' before the
> disttag, what do you do?

As said, this is an old corner stone, and using dotted releases should
be considered deprecated anyway.
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040518/5291e76f/attachment.sig>