Every release of each distribution has some time period where security and other updates are added. During this period, PackageKit should note the date that security support will be dropped, probably somewhere the user will see when doing updates. After this period, users should be notified that their system will no longer receive security updates and that they should upgrade to the next release of their distribution or contact their system administrator to do it for them.
The EOL notification should be annoying, but not too annoying. The EOL notification should point to the distribution's web page about upgrading the system to the next distro release in the case where the user wants to do it themselves. In the case where the user wants their sysadmin to do it, PackageKit could provide some technical information that a sysadmin might need
The EOL stuff should be flexible enough to support the EOL models of RHEL, Fedora, Debian, Ubuntu, SuSE etc. It may be that each distro should provide a script to determine when the EOL will be. Debian for example supports each release until one year after the next release, with no fixed schedule for when the next release will occur. Ubuntu has the whole LTS vs normal releases thing, which they support for different amounts of time.
There are also different categories of "support", Debian for example is security and important bug fixes only, while other distros like RHEL allow updates for better hardware support etc.
There is also the possibility for a distro's security team to declare that certain packages receive lesser or no security support, for example IIRC the Debian security team just imports new Mozilla stable releases wholesale instead of specific patches.
In addition, in big corporate environments, the sysadmins will not want 500 users notifying them that security support has ended. In that case, the sysadmins will want some kind of hook to disable the EOL notification, or modify the EOL timing in the case that they are doing security support.
I was thinking maybe for apt a field in the Release file might be the way to go for indicating security support.
Sure, sounds sane. I guess what you need to do is email the mailing list and discuss API additions there.
I don't really have the time/skills to do that, just wanted to contribute an idea I had.
We moved the upstream bugtracker to GitHub a long time ago. If this issue still affects you please re-create the issue here: https://github.com/hughsie/PackageKit/issues
Sorry for the impersonal message, and fingers crossed your issue no longer happens. Thanks.