On Fri, Aug 16, 2019 at 07:10:27PM +0200, Michał Górny wrote:
> Hi,
> 
> leio asked me yesterday for the possibility of marking packages
> as deprecated, so that CI would issue warnings when other packages
> depend on them.  I think that's quite a good idea, so I'd like to
> propose a simple implementation for it.
> 
> The idea is to provide profiles/package.deprecated using the same format
> as package.mask.  However, unlike the latter it wouldn't cause any user-
> visible results but only affect pkgcheck (and possibly repoman, if
> someone writes the check).
> 
> Basically you'd put something like:
> 
>   # name <email> (date)
>   # We don't like this package anymore, so we want to remove it ASAP.
>   dev-foo/bar
> 
>   # name <email> (date)
>   # Old slot is not nice at all.
>   dev-bar/frobnicate:0.1
> 
>   # name <email> (date)
>   # Nononono, don't use that.
>   <dev-zoo/elephant-
> 11.0
> 
> This would cause matching packages to be marked as deprecated.  It
> wouldn't affect normal install behavior but pkgcheck/CI would complain
> if any package had a dependency that can only be satisfied
> by the deprecated packages.
> 
> What do you think?
> 
> -- 
> Best regards,
> Michał Górny
> 

I really like this idea as well. It would also benefit the security team to know
which packages need to be fixed/removed before a vulnerable package can be
ridded of.

e.g. the sys-devel/automake:{1.9, 1.10} thing from today...

-- 
Cheers,
Aaron