Date: 2017-08-11 05:34:00 +0000 (Fri, 11 Aug 2017)
New Revision: 54594
Add section about issues not warranting an advisory
--- doc/security-team.d.o/security_tracker 2017-08-11 05:33:52 UTC (rev
+++ doc/security-team.d.o/security_tracker 2017-08-11 05:34:00 UTC (rev
@@ -342,7 +342,24 @@
- ffmpeg <removed>
- ffmpeg-debian <end-of-life>
+### Issues not warranting a security advisory
+This states are reserved to be used for the respective security team.
+Sometimes an issue might not warrant an (immediate) security advisory since for
+example an issue might be minor. When a issue does not warrant an advisory they
+are marked with a distribution tag, the `<no-dsa>` state and an explanation.
+Two sub-states exists: `<ignored>` and `<postponed>`.
+If an issue will further be ignored the <ignored> state is used.
+If an issue deserves an update via a security advisory, but it is not needed to
+release an advisory just because of this issue, rather than `<no-dsa>` the
+`<postponed>` state can be used. This state can as well be used, if a fix is
+already queued up for a future security advisory and it will be included in
### `NOTE` and `TODO` entries
There are many instances where more work has to be done to determine
Secure-testing-commits mailing list