From: Roland Shoemaker <roland@golang.org>
Date: Thu, 13 Oct 2022 18:11:22 +0000 (-0700)
Subject: encoding/gob: note pacakge not covered by security policy
X-Git-Tag: go1.20rc1~650
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=36ca37f3a04aac4b67aa7fe3cfe480c891d0d53f;p=gostls13.git

encoding/gob: note pacakge not covered by security policy

And add a link. Resolves a comment left on http://go.dev/cl/436096
after it was submitted.

Change-Id: I2847d29134ffb4fee2b0ea37842cdf57df55ec0c
Reviewed-on: https://go-review.googlesource.com/c/go/+/442816
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
---

diff --git a/src/encoding/gob/doc.go b/src/encoding/gob/doc.go
index 04cb0ac471..15473f18b2 100644
--- a/src/encoding/gob/doc.go
+++ b/src/encoding/gob/doc.go
@@ -279,10 +279,11 @@ https://blog.golang.org/gobs-of-data
 
 # Security
 
-This package is not designed to be hardened against adversarial inputs. In
-particular, the Decoder does only basic sanity checking on decoded input sizes,
-and its limits are not configurable. Care should be taken when decoding gob data
-from untrusted sources, which may consume significant resources.
+This package is not designed to be hardened against adversarial inputs, and is
+outside the scope of https://go.dev/security/policy. In particular, the Decoder
+does only basic sanity checking on decoded input sizes, and its limits are not
+configurable. Care should be taken when decoding gob data from untrusted
+sources, which may consume significant resources.
 */
 package gob