
# List of packages where security support is limited

# File format: Columns, separated by one or more space characters
# 1. source package name
# 2. Descriptive text or URL with more details (optional)
#    In the program's output, this is prefixed with "Details:"

adns            Stub resolver that should only be used with trusted recursors
binutils        Only suitable for trusted content; see https://lists.debian.org/msgid-search/87lfqsomtg.fsf@mid.deneb.enyo.de
cython          Only included for building packages, not running them, #975058
ganglia         See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
ganglia-web     See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
golang.*        See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
gobgp           See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
gnupg1          See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
jython          Includes python2.7 stdlib, support limited until Py3 port, see #975058 and https://lists.debian.org/debian-lts/2024/08/msg00027.html
kde4libs        khtml has no security support upstream, only for use on trusted content
khtml           khtml has no security support upstream, only for use on trusted content, see #1004293
libspring-java  See README.Debian.security included in the package
mozjs102        Not covered by security support, only suitable for trusted content, see package description
mozjs78         Not covered by security support, only suitable for trusted content, see #959804
musescore2      Only supported with trusted files, see README.Debian shipped in package and #1070860
musescore3      Only supported with trusted files, see README.Debian shipped in package and #1070860
ocsinventory-server Only supported behind an authenticated HTTP zone
qtwebengine-opensource-src No security support upstream and backports not feasible, only for use on trusted content
qtwebkit        No security support upstream and backports not feasible, only for use on trusted content
qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content
rust.*          See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
sql-ledger      Only supported behind an authenticated HTTP zone
tiles           Only supported for building packages, #1057343
vte             Not covered by security support, only used by debian-installer, #1082885
zoneminder      See README.Debian.security, only supported behind an authenticated HTTP zone, #922724
