Subject: Re: dependencies & security vulnerabilities
To: Johnny C. Lam <>
From: Malcolm Herbert <>
List: tech-pkg
Date: 08/01/2005 11:07:37
I agree with the sentiment here, but how do you intend to distinguish
between two versions of a particular pre-compiled package with the same
version number where one is secure and the other not?

Unfortunate as the knock-on effects of bumping the revision number are,
at least you can tell from the outside without installing it ...

I personally have no problem either way, but thought it a kink worth 
mentioning ... 


Malcolm Herbert
Computer Support Officer
School of Geosciences
Monash University
ph 9905 4881