On 02.08.2010, 18:01 Jacopo wrote:
My gut feeling is that the "preference" for
1.12 is simply due to its
inclusion in Debian stable [1]. The maintainer seems to be actively
backporting security fixes [2], so while I agree that these versions
may enjoy less community support, they should not be considered broken
on the basis of the version number alone.
This, of course, unless it is certain that some
vulnerabilities are
still present in the Debian version. If you are aware of the existence
of such a problem, I would recommend you contact
<security(a)debian.org>rg>. Otherwise, the situation might not be as
dangerous as it seems.
They haven't backported security fixes from 1.15.4 and 1.15.5 yet,
which are seveal months old (OMG disclosure!) And who knows what other
problems (including security flaws) may still be there, as "stabe"
versions usually get much less attention and testing.
--
Best regards,
Max Semenik ([[User:MaxSem]])