Subject: Re: dependencies & security vulnerabilities
To: Johnny C. Lam <jlam@NetBSD.org>
From: Malcolm Herbert <mjch@mjch.net>
List: tech-pkg
Date: 08/01/2005 11:07:37

I agree with the sentiment here, but how do you intend to distinguish
between two versions of a particular pre-compiled package with the same
version number where one is secure and the other not?

Unfortunate as the knock-on effects of bumping the revision number are,
at least you can tell from the outside without installing it ...

I personally have no problem either way, but thought it a kink worth
mentioning ...

Regards,
Malcolm

-- 
Malcolm Herbert
Computer Support Officer
School of Geosciences
Monash University
ph 9905 4881