Certain classes of software are simply too complex for a small team of volunteers to sufficiently track vulnerabilities in. In many cases, this is made harder by the fact that certain upstreams also do not sufficiently track vulnerabilities, making our job almost impossible. To document this for the community, below we enumerate such classes of software and the respective packages for which it is reasonably feasible to track vulnerabilities and issue GLSAs. In general, we will not issue GLSAs for packages in the enumerated classes which are not listed below; however, we may still track security issues in such packages in Bugzilla on a best-effort basis. We recommend usingor Bugzilla directly to keep track of vulnerabilities tracked in Bugzilla in such cases.