Re: Security risks due to packages that are no longer part of Debian?

[Florian Weimer <fw@deneb.enyo.de>]

* Christian Hammers:

> If a User upgrades his woody system to sarge and one package that has
> been part of woody is now no longer part of Debian nor being superseded by
> another package, will apt-get warn the user that this package is a potential
> security risk as Debian does not monitor nor provide fixes for reported
> security issues in this package?

No, of course not.

> For such a cases it would even be a reasonable advice to have both,
> woody/updates and sarge/updates, in the sources.list, or?

I doubt that this will work in general.

A tool which lists all packages which are no longer downloadable from
any APT source would be more helpful, I think.  Does it already exist?