On 02.08.2010, 18:01 Jacopo wrote:
My gut feeling is that the "preference" for 1.12 is simply due to its inclusion in Debian stable [1]. The maintainer seems to be actively backporting security fixes [2], so while I agree that these versions may enjoy less community support, they should not be considered broken on the basis of the version number alone.
This, of course, unless it is certain that some vulnerabilities are still present in the Debian version. If you are aware of the existence of such a problem, I would recommend you contact security@debian.org. Otherwise, the situation might not be as dangerous as it seems.
They haven't backported security fixes from 1.15.4 and 1.15.5 yet, which are several months old (OMG disclosure!) And who knows what other problems (including security flaws) may still be there, as "stable" versions usually get much less attention and testing.