Subject: Re: Why commands in the source tree don't have version?
To: Bill Sommerfeld <>
From: Jim Wise <>
List: current-users
Date: 02/13/2001 21:39:11
Hash: SHA1

On Tue, 13 Feb 2001, Bill Sommerfeld wrote:

>> We have very explicit versioning for each system command
>> and library:
>> 0.9, 1.0, 1.2, 1.2.1, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1, 1.4.2,
>> 1.4.3, 1.4.4, 1.5, soon 1.5.1 and 1.6. It's called release number.
>For what I hope would be obvious reasons this is not sufficient in the
>presence of interim patches (such as the ones included in/referenced
>by security advisories).
>We can do better.

That's right.  The upcoming system package system changes do what I
think is a good middle ground in this respect -- for example, the SSH
binaries shipped in 1.7 will show up in pkg_info as


where the last `.0' is specific to the package, and can be incremented
if a new version of the package is released to address a security

This will allow the user to quickly determine (via pkg_info) if a
security patch has been applied.

Since package tiny versions will be monotonically increasing on the
release branch, if the last security patch for NetBSD-1.7 upgraded the
base-secsh-bin package to version 1.7.4, when the 1.7.1 release is
shipped, it will come with version (or if other changes
have come in in the meantime) of this package.

- -- 
				Jim Wise
Version: GnuPG v1.0.4 (NetBSD)
Comment: For info see