Hello,
the Debian Buster release notes state that no security updates are
possible for software written in Go due to its static linking - Debian
lacks the infrastructure to mass-rebuild all affected Go packages. Did
this change in the mean time? If not, is there ongoing work to change this?
The same release notes state that just Firefox and Chromium can be
supported with security updates, but Chromium is several major versions
behind in Buster, it appears as vulnerable to lots of CVEs and the last
DSA for chromium was at the beginning of July.
Best regards,
Laurentiu
[1]
https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#limited-security-support
[2] https://security-tracker.debian.org/tracker/source-package/chromium
