Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
On Wed, Aug 28, 2013 at 12:47 PM, Ian Jackson
<ijackson@chiark.greenend.org.uk> wrote:
> Ian Jackson writes ("Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)"):
>> Bastien ROUCARIES writes ("Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)"):
>> > Why not, in this case, create an empty package depending on a non-existent
>> > package?
>>
>> Because we should leave the user the choice to keep using the
>> unsupported software, rather than ripping it out from under them.
>
> Oh, wait, I don't think I read your proposal correctly. I'm not sure
> exactly what effect this would have but, presumably, mostly a
> complaint from the package manager ?
Exactly refuse to upgrade install security.
Suppose that a package badpackage is not supported by LTS.
The LTS team releases a new version of the package (arch-all):
Package: badpackage
Depends: ltsnotsupported, ${misc:Depends}
Architecture: all
Section: ltsnotsuported
Description: This package is not supported any more by LTS team
 This package is not supported any more by LTS team.
 .
 This package is not carry a SECURITY RISK and was removed
 from debian LTS.
 .
 THIS PACKAGE WAS INSECURE LTS REMOVED.
 .
 This package is not installable any more and thus upgrade will fail.
 .
 If you care about this package please join the LTS team or backport
 security fix.
 .
 If you accept the security risk you should add pinning, see
 http://www.debian.org/ltssecuritypinning.
 .
 Alternatively you could remove the reverse depends of this package,
 but you should be warned that some system functionality may
 be removed, see http://www.debian.org/ltssecurityremoverdepends.
> Ian.
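
Added example (not part of the original message, and not Debian or LTS team tooling): a small audit script that reads Packages-style stanzas and lists the packages that have been blocked with the marker dependency proposed above. It assumes that no package provides "ltsnotsupported"; the sample stanzas are constructed, with ${misc:Depends} already expanded as it would be in a built package.

```python
import re

MARKER = "ltsnotsupported"  # marker name taken from the stanza in the message

# Constructed sample in Packages-file (deb822) layout; not real archive data.
SAMPLE = """\
Package: badpackage
Version: 1.0-1+lts1
Architecture: all
Depends: ltsnotsupported, debconf (>= 0.5) | debconf-2.0
Description: This package is not supported any more by LTS team
 This package is not installable any more and thus upgrade will fail.
 .
 If you care about this package please join the LTS team.

Package: goodpackage
Version: 2.3-1
Architecture: amd64
Depends: libc6 (>= 2.13), ltsnotsupported-doc | perl
Description: still supported
"""

def parse_stanzas(text):
    """Yield each deb822 stanza as a dict, folding continuation lines."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                fields[key] += "\n" + line[1:]  # continuation of previous field
            elif ":" in line:
                key, value = line.split(":", 1)
                fields[key] = value.strip()
        yield fields

def blocked_by_marker(stanza, marker=MARKER):
    """True if some Depends clause can only be satisfied by the marker."""
    for clause in stanza.get("Depends", "").split(","):
        # Each clause is a list of alternatives: "a (>= 1) | b".
        names = [re.split(r"[\s(:\[]", alt.strip(), maxsplit=1)[0]
                 for alt in clause.split("|") if alt.strip()]
        if names and all(n == marker for n in names):
            return True
    return False

def unsupported(text):
    """Names of packages whose dependencies include the bare marker."""
    return [s["Package"] for s in parse_stanzas(text) if blocked_by_marker(s)]

if __name__ == "__main__":
    for name in unsupported(SAMPLE):
        print(f"{name}: dropped from LTS (depends on {MARKER})")
```

A clause such as "ltsnotsupported | foo" is not counted as blocked, because the alternative can still be installed.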