Bug 23619

Summary: support end of life (EOL) notifications
Product: PackageKit Reporter: Paul Wise <pabs3>
Component: GeneralAssignee: Richard Hughes <richard>
Status: RESOLVED NOTABUG QA Contact:
Severity: enhancement    
Priority: lowest    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Paul Wise 2009-08-31 21:12:57 UTC 
Every release of each distribution has some time period where security and other updates are added. During this period, PackageKit should note the date that security support will be dropped, probably somewhere the user will see when doing updates. After this period, users should be notified that their system will no longer receive security updates and that they should upgrade to the next release of their distribution or contact their system administrator to do it for them.

The EOL notification should be annoying, but not too annoying. The EOL notification should point to the distribution's web page about upgrading the system to the next distro release in the case where the user wants to do it themselves. In the case where the user wants their sysadmin to do it, PackageKit could provide some technical information that a sysadmin might need

The EOL stuff should be flexible enough to support the EOL models of RHEL, Fedora, Debian, Ubuntu, SuSE etc. It may be that each distro should provide a script to determine when the EOL will be. Debian for example supports each release until one year after the next release, with no fixed schedule for when the next release will occur. Ubuntu has the whole LTS vs normal releases thing, which they support for different amounts of time.

There are also different categories of "support", Debian for example is security and important bug fixes only, while other distros like RHEL allow updates for better hardware support etc.

There is also the possibility for a distro's security team to declare that certain packages receive lesser or no security support, for example IIRC the Debian security team just imports new Mozilla stable releases wholesale instead of specific patches.

In addition, in big corporate environments, the sysadmins will not want 500 users notifying them that security support has ended. In that case, the sysadmins will want some kind of hook to disable the EOL notification, or modify the EOL timing in the case that they are doing security support.

I was thinking maybe for apt a field in the Release file might be the way to go for indicating security support.
Comment 1 Richard Hughes 2009-09-01 00:39:44 UTC 
Sure, sounds sane. I guess what you need to do is email the mailing list and discuss API additions there.
Comment 2 Paul Wise 2009-09-01 01:53:48 UTC 
I don't really have the time/skills to do that, just wanted to contribute an idea I had.
Comment 3 Richard Hughes 2018-08-21 15:52:38 UTC 
We moved the upstream bugtracker to GitHub a long time ago. If this issue still affects you please re-create the issue here: https://github.com/hughsie/PackageKit/issues
 
Sorry for the impersonal message, and fingers crossed your issue no longer happens. Thanks.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.