While looking in policy and the implementing code I found a little discrepancy, I wanted to discuss:
Policy 5.6.11 describes the upstream version part as:
| The upstream_version may contain only alphanumerics[28] and
| the characters . + - : (full stop, plus, hyphen, colon)
| and should start with a digit. If there is no debian_revision
| then hyphens are not allowed; if there is no epoch then
| colons are not allowed.
Quickly grepping over the indices of stable and unstable, the
possibility of having colons in there is not used.
Looking at the code, this is not very suprising, as the upstream
version is included in several generated filenames, e.g. by
dpkg-deb --build:
# cat test/DEBIAN/control
| Package: test
| Version: 0:1:1.1
| Architecture: i386
| Maintainer: noone <newerwhere>
| Description: test
| with colons in version number
# dpkg-deb --build test .
| dpkg-deb: building package `test' in `./test_1:1.1_i386.deb'.
Which is not nice, as those would be escaped for http-requests,
cause files with %3a in the apt-cache, and most propably rejected
by jannifer, as dak seems to use (in utils.py)
| re_taint_free = re.compile(r"^[-+~\.\w]+$");
to check filenames to be welformed and thus would reject such files,
if I parsed the code correctly.
Other programs reject colons in version number, e.g. dh_make checks
the version number against '[0-9][0-9a-zA-Z+\.\-]*'
Thus I suggest 5.6.11 to be changed so that colons are no longer
allowed, and plan to file a wishlist-bug agsinst debian-policy, if
noone contradicts.
Hochachtungsvoll,
Bernhard R. Link
--
The man who trades freedom for security does not deserve
nor will he ever receive either. (Benjamin Franklin)
pgpKArjium9XK.pgp
Description: PGP signature
