Re: New stable version after Sarge

[Jan Niehusmann <jan@debian.org>]

On Thu, Jan 06, 2005 at 09:51:21AM +0100, Marc Haber wrote:
> That would leave testing users who happen to have such a package
> installed alone because they wouldn't notice their package vanishing
> from the mirrors, continuing to use a potentially vulnerable package.

Good point. But that problem can be solved by some program checking that
all installed packages are actually available from the selected
distribution(s).

That could be integrated into apt (e.g. apt-get upgrade warning about
packaged without a current installation canditate, or where the most
recent version from the archives is older than the installed one), or it
could be a separate tool. Perhaps it can even be done with existing
tools?

Jan