Re: Security risks due to packages that are no longer part of Debian?

[Sam Morris <sam@robots.org.uk>]

Florian Weimer wrote:
> > If a User upgrades his woody system to sarge and one package that has
> > been part of woody is now no longer part of Debian nor being superseded by
> > another package, will apt-get warn the user that this package is a potential
> > security risk as Debian does not monitor nor provide fixes for reported
> > security issues in this package?
>
> No, of course not.
>
> > For such a cases it would even be a reasonable advice to have both,
> > woody/updates and sarge/updates, in the sources.list, or?
>
> I doubt that this will work in general.
>
> A tool which lists all packages which are no longer downloadable from
> any APT source would be more helpful, I think.  Does it already exist?

You can use aptitude to discover obsolete packages on your system. See 
<http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.en.html#s-obsolete> 
for more info.

--
Sam Morris
http://robots.org.uk/

PGP key id 5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078