[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security risks due to packages that are no longer part of Debian?

Florian Weimer wrote:
If a User upgrades his woody system to sarge and one package that has
been part of woody is now no longer part of Debian nor being superseded by
another package, will apt-get warn the user that this package is a potential
security risk as Debian does not monitor nor provide fixes for reported
security issues in this package?

No, of course not.

For such a cases it would even be a reasonable advice to have both,
woody/updates and sarge/updates, in the sources.list, or?

I doubt that this will work in general.

A tool which lists all packages which are no longer downloadable from
any APT source would be more helpful, I think.  Does it already exist?

You can use aptitude to discover obsolete packages on your system. See <http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.en.html#s-obsolete> for more info.

Sam Morris

PGP key id 5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078

Reply to: