The problem is there's no metadata for which versions fix security bugs, and therefore which previous versions are now insecure.