Security risks due to packages that are no longer part of Debian?

To: debian-security@lists.debian.org
Subject: Security risks due to packages that are no longer part of Debian?
From: Christian Hammers <ch@debian.org>
Date: Mon, 11 Jul 2005 19:10:10 +0200
Message-id: <[🔎] 20050711191010.315ec238@app109.intern>

Hello

If a User upgrades his woody system to sarge and one package that has
been part of woody is now no longer part of Debian nor being superseded by
another package, will apt-get warn the user that this package is a potential
security risk as Debian does not monitor nor provide fixes for reported
security issues in this package?

For such a cases it would even be a reasonable advice to have both,
woody/updates and sarge/updates, in the sources.list, or?

A possible solution would be to be asked to flag such packages with
  echo "mypackage local" | dpkg --set-selections
or similar which would then surpress the apt-get warnings or optionally
show them explicitly as "watch these on your own".

bye,

-christian-

Reply to:

Follow-Ups:
- Re: Security risks due to packages that are no longer part of Debian?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Security risks due to packages that are no longer part of Debian?
  - From: Vladislav Kurz <vladislav.kurz@webstep.net>

Prev by Date: Re: [SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability
Next by Date: Re: Security risks due to packages that are no longer part of Debian?
Previous by thread: Re: [SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability
Next by thread: Re: Security risks due to packages that are no longer part of Debian?
Index(es):
- Date
- Thread