Security risks due to packages that are no longer part of Debian?
If a User upgrades his woody system to sarge and one package that has
been part of woody is now no longer part of Debian nor being superseded by
another package, will apt-get warn the user that this package is a potential
security risk as Debian does not monitor nor provide fixes for reported
security issues in this package?
For such a cases it would even be a reasonable advice to have both,
woody/updates and sarge/updates, in the sources.list, or?
A possible solution would be to be asked to flag such packages with
echo "mypackage local" | dpkg --set-selections
or similar which would then surpress the apt-get warnings or optionally
show them explicitly as "watch these on your own".