If a User upgrades his woody system to sarge and one package that has
been part of woody is now no longer part of Debian nor being superseded by
another package, will apt-get warn the user that this package is a potential
security risk as Debian does not monitor nor provide fixes for reported
security issues in this package?
No, of course not.
For such a cases it would even be a reasonable advice to have both,
woody/updates and sarge/updates, in the sources.list, or?
I doubt that this will work in general.
A tool which lists all packages which are no longer downloadable from
any APT source would be more helpful, I think. Does it already exist?