
# List of packages where security support is limited

# File format: Columns, separated by one or more space characters
# 1. source package name
# 2. Descriptive text or URL with more details (optional)
#    In the program's output, this is prefixed with "Details:"

adns            Stub resolver that should only be used with trusted recursors
binutils        Only suitable for trusted content; see https://lists.debian.org/msgid-search/87lfqsomtg.fsf@mid.deneb.enyo.de
ganglia         See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
ganglia-web     See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
golang.*		See https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#golang-static-linking
gobgp           See https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#golang-static-linking
gnupg1          See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
kde4libs        khtml has no security support upstream, only for use on trusted content
khtml           khtml has no security support upstream, only for use on trusted content, see #1004293
libspring-java  should be only used for building other Debian packages or in a secured local environment with trusted devices.
mozjs68         Not covered by security support, only suitable for trusted content, see #959804
mozjs78         Not covered by security support, only suitable for trusted content, see #959804
musescore2      Only supported with trusted files, see README.Debian shipped in package and #1070860
musescore3      Only supported with trusted files, see README.Debian shipped in package and #1070860
ocsinventory-server Only supported behind an authenticated HTTP zone
openjdk-17	See https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#openjdk-17
qtwebengine-opensource-src No security support upstream and backports not feasible, only for use on trusted content
qtwebkit        No security support upstream and backports not feasible, only for use on trusted content
qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content
samba           Only non-AD Domain Controller use cases are supported. See https://lists.debian.org/debian-security-announce/2023/msg00169.html
sql-ledger      Only supported behind an authenticated HTTP zone
tiles           Only supported for building packages, #1057343
zoneminder      See README.Debian.security, only supported behind an authenticated HTTP zone, #922724
