On 2016-08-12, Daniel <dan...@zift.no> wrote: > On Fri, Aug 12, 2016 at 11:24:31AM +0100, Liam O'Toole wrote: >> On 2016-08-12, Daniel <dan...@zift.no> wrote: >> > Is there a problem with the version numbering for the packages >> > "openssl" and "libssl1.0.0"? It seems I get the version from >> > jessie/main and that the version from jessie/updates/main is >> > ignored because of the extra letter in the version number. >> > Isn't 1.0.1k-3+deb8u5 the prefered version here? If so, then >> > I suspect lots of Debian stable users are stuck on a version >> > without the latest security patches, which I would consider >> > very bad. >> > >> > Or is it just me being confused or have missed something? >> > > --Snip >> > root:~# apt-cache policy openssl >> > openssl: >> > Installed: 1.0.1t-1+deb8u2 >> > Candidate: 1.0.1t-1+deb8u2 >> > Version table: >> > *** 1.0.1t-1+deb8u2 0 >> > 500 http://ftp.no.debian.org/debian/ jessie/main amd64 Packages >> > 100 /var/lib/dpkg/status >> > 1.0.1k-3+deb8u5 0 >> > 500 http://security.debian.org/ jessie/updates/main amd64 Packages >> > root:~# >> > >> > ---Paste ends >> >> Note the letters 't' and 'k' in the version strings. Alpha-numeric >> sorting makes 1.0.1t-1+deb8u2 the preferred version. >> > I know. I just wondered if that was the intention. I would think that > the one in jessie/updates/main is usually prefered over the ones from > jessie/main
Ah, I misunderstood your question. Version 1.0.1t came with the last point release[1]; in that way the version in jessie/main leapfrogged that in jessie/updates/main. 1: https://www.debian.org/News/2016/20160604 -- Liam
