Since 4.10, we've had conditional update risks (OTA-267). This helps raise awareness of update-time issues, to keep customers from being bitten by surprise during change-is-risky update events. However, there is currently no mechanism to declare late-breaking issues affecting install, which sometimes leaves patch managers trying to balance "should we release 4.y.z?" between:

• It includes some bugfixes, so installs and updates to the new release will make life better for some customers.
• It includes some regressions or new-feature issues, so installs on the new release will be broken or less reliable for some customers.

And of course, we can discover issues like that after we've already declared support too. Customers could theoretically mine OCPBUGS or KCS to try to find relevant vulnerabilities around each install, but that's tedious. This spike is about sketching tooling to make it easier to discover and either mitigate or avoid install-time issues.