Open krkos opened 3 months ago
Some test case to start with:

```
version_spec = parse(">0")
> assert is_in_version_range("9.11.5-P4-5.1+deb10u10", version_spec)
E AssertionError: assert False
E + where False = is_in_version_range('9.11.5-P4-5.1+deb10u10', [<SpecifierSet('>0')>])
```
Several GNU/Linux distributions (including the major ones) do not package upstream versions of software, but base their package on a specific version and then backport fixes they consider relevant. The backport does not change the official version number, but the distros need to differentiate between the modified versions anyway, which is done by adding various decorations, such as postfixes, specific version strings based on the distribution name and similar. For vulnerability management, discerning these versions (both in their own version space and against vanilla versions) is a hard requirement.