- Package:
- debian-security-support
- Source:
- debian-security-support
- Submitter:
- Thorsten Glaser
- Date:
- 2025-06-16 07:27:01 UTC
- Severity:
- normal
- Tags:
$ apt-cache show apt | fgrep Depends: Depends: base-passwd (>= 3.6.1) | adduser, sqv (>= 1.3.0), […] However: $ check-support-status Limited security support for one or more packages […] * Source:rust-sequoia-sqv Details: See https://www.debian.org/releases/trixie/release-notes/issues.en.html#go-and-rust-based-packages Affected binary package: - sqv (installed version: 1.3.0-3) This is unsuitable for a release. Either don’t use sqv or make sure that sqv is security‑ and LTS/ELTS-supported for the release.
Rest assured this was discussed and approved before the switch happened.
https://www.debian.org/releases/trixie/release-notes/issues.en.html#go-and-rust-based-packages describes a generic limitation for Rust and Go-based software. This does not mean that seqv is unsupported, Firefox is a prominent piece of software which uses Rust to a large degree and does see frequent security updates. There's no need to have bugs for any package using Go or Rust, so closing it. Cheers, Moritz Footnotes: [1] Notably a limitation which applies to every distro, we're just the only one being transparent about it.
Hi, might be useful to mark sqv as supported then, if it is, as an exception to the rule for packages written in these languages. Otherwise, people using the d-s-s package are going to get a surprise… Thanks, //mirabilos
indeed. however that´s not soo easy as the codebase doesnt allow that yet.
Ah, so the marking is automatic, didn’t know that. Thanks, //mirabilos