Comment 15 for bug 2048781

@jibel

> can you point to the Debian Go packaging guidelines you're mentioning?
https://go-team.pages.debian.net/packaging.html

It is stated in the bug description:
"- This package violates Debian Policy. It vendorizes various Go (in vendor/) and Rust libraries (in vendor_rust/). We are maintaining them up to date with dependabot in our upstream CI. The Go part is covered by the govulncheck security scanning on the Go version we are depending on and its vendored dependency."

However there's no TODO wrt to that. Just the translations as a recommendation.