
# List of packages where security support is limited

# File format: Columns, separated by one or more space characters
# 1. source package name
# 2. Descriptive text or URL with more details (optional)
#    In the program's output, this is prefixed with "Details:"

adns            Stub resolver that should only be used with trusted recursors
binutils        Only suitable for trusted content; see https://lists.debian.org/msgid-search/87lfqsomtg.fsf@mid.deneb.enyo.de
cython          Only included for building packages, not running them, #975058
ganglia         See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
ganglia-web     See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
golang.*		See https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#golang-static-linking
gnupg1          See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
kde4libs        khtml has no security support upstream, only for use on trusted content
khtml           khtml has no security support upstream, only for use on trusted content, see #1004293
libspring-java  should be only used for building other Debian packages or in a secured local environment with trusted devices.
mozjs68         Not covered by security support, only suitable for trusted content, see #959804
mozjs78         Not covered by security support, only suitable for trusted content, see #959804
ocsinventory-server Only supported behind an authenticated HTTP zone
openjdk-17	See https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#openjdk-17
python2.7       Only included for building packages, not running them, #975058
python-stdlib-extensions Only included for building packages, not running them, #975058
qtwebengine-opensource-src No security support upstream and backports not feasible, only for use on trusted content
qtwebkit        No security support upstream and backports not feasible, only for use on trusted content
qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content
samba           Only non-AD Domain Controller use cases are supported. See https://lists.debian.org/debian-security-announce/2023/msg00169.html
sql-ledger      Only supported behind an authenticated HTTP zone
tiles           Only supported for building packages, #1057343
zoneminder      See README.Debian.security, only supported behind an authenticated HTTP zone, #922724
