Re: libplrpc-perl vs DBI vs mysql
On Wed, May 28, 2014 at 10:21:10AM +0200, Christoph Biedl wrote:
> So opening a can of worms: Given package A depends on package B,
> perhaps even through a third package. Now support for B is to be
> terminated. Shouldn't there be precise warnings for A too, at least to
> some degree? At the moment there's nothing, so users will have to find
> out on their own about that on their own: Removing B "I don't need
> that", then realizing this kills some parts of the installation.
> That's not good.
I suppose any solutions which tries to display affected reverse deps
will introduce a lot of complexity for little gain (as by the examples
you already provided)
We should rather document the general approach (e.g. running
dpkg --dry-run remove DROPPEDPACKAGE)
> The conclusion I came to was ending security support should be seen as
> last resort only.
Of course.
> If this is inevitable, looking into the dependencies
> to learn about the implications must be part of the decision. Users
> need an information how to proceed, that is a part of the retirement
> notice and that's why I suggested URLs in the d-s-s notifications:
> Some 60 characters simply are not enough.
Alternatively we can ship README.foo packages in debian-security-support
when a package is EOLed.
Cheers,
Moritz
Reply to: