Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: rm X-Debbugs-Cc: guix@packages.debian.org, team@security.debian.org, vagrant@debian.org Control: affects -1 + src:guix Recent security issues have made it clear that Guix upstream, which uses a rolling release model, makes it difficult to provide proper security support. In the past, this worked because the relevent parts of the code had seen little development, but after some significant changes landed it made backporting security patches more difficult. guix: CVE-2025-46415 CVE-2025-46416 CVE-2025-52991 CVE-2025-52992 CVE-2025-52993 https://bugs.debian.org/1108318 After several attempts at backporting patches and discussion with the security team, I have decided that we should probably remove this from bookworm, trixie and bullseye. There is also currently a bug to trigger testing auto-removal for forky: https://bugs.debian.org/1112143 It has no reverse dependencies, so should not trigger any serious problems for others. This will also need to be removed from the security archive at some point. *sigh* live well, vagrant
Attachment:
signature.asc
Description: PGP signature