Debian classifies the compromised images as archival relics with minimal exploitation risk, prompting calls for persistent scanning to prevent supply-chain contamination.
