Author: carnil
Date: 2017-08-11 05:34:00 +0000 (Fri, 11 Aug 2017)
New Revision: 54594

Add section about issues not warranting an advisory

Modified: doc/security-team.d.o/security_tracker
--- doc/security-team.d.o/security_tracker      2017-08-11 05:33:52 UTC (rev 
+++ doc/security-team.d.o/security_tracker      2017-08-11 05:34:00 UTC (rev 
@@ -342,7 +342,24 @@
             - ffmpeg <removed>
             - ffmpeg-debian <end-of-life>
+### Issues not warranting a security advisory
+This states are reserved to be used for the respective security team.
+Sometimes an issue might not warrant an (immediate) security advisory since for
+example an issue might be minor. When a issue does not warrant an advisory they
+are marked with a distribution tag, the `<no-dsa>` state and an explanation.
+Two sub-states exists: `<ignored>` and `<postponed>`.
+If an issue will further be ignored the <ignored> state is used.
+If an issue deserves an update via a security advisory, but it is not needed to
+release an advisory just because of this issue, rather than `<no-dsa>` the
+`<postponed>` state can be used. This state can as well be used, if a fix is
+already queued up for a future security advisory and it will be included in
 ### `NOTE` and `TODO` entries
 There are many instances where more work has to be done to determine

Secure-testing-commits mailing list

Reply via email to