Re: pkgin idea: warning about service restarts and database migrations

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Sat, Sep 23, 2023 at 06:59:50AM -0400, Greg Troxel wrote:
> Manuel Bouyer <bouyer%antioche.eu.org@localhost> writes:
> 
> > I'm talking about a package that is still in pkgsrc (and binary repos)
> > but will be removed in the near future.
> 
> I do understand what Manuel wants.  It's to mark the current version in
> pkgsrc of xenkernel-413 as pending removal, so that people who are
> 
>   - still running 4.13
>   - not running a staging server for their dom0
>     - despite this, consider it really critical
>   - updating to new quarterly branches
>   - paying attention to upgrade messages
>   - somehow are not aware that they really need to upgrade
> 
> will notice.
> 
> I didn't mean to sound so cranky above when I started writing this.  But
> as I thought about what the real issue is, it feels niche.

Not that much a niche. All database packages could benefit from this too.
I'm sure there are other use cases.

> 
> I wonder if adding a removal-warning in pkg-vulnerabilities is
> reasonable, separate from 'is not maintained upstream'.   It's not
> really a vulnerability, but it is a "condition which is true about this
> package that and admin should be made aware of".

pkg-vulnerabilities is way too verbose IMHO, and most often points to
vulnerabilities that are not relevant. But that's not the point.
Installing (or upgrading to) a package that we know is going to removed
soon is not a vulnerability, it's a maintenance issue (you're using
something that will stop working on the next pkgsrc branch). It has nothing to
do in pkg-vulnerabilities

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--