From 36ca37f3a04aac4b67aa7fe3cfe480c891d0d53f Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Thu, 13 Oct 2022 11:11:22 -0700
Subject: [PATCH] encoding/gob: note pacakge not covered by security policy

And add a link. Resolves a comment left on http://go.dev/cl/436096
after it was submitted.

Change-Id: I2847d29134ffb4fee2b0ea37842cdf57df55ec0c
Reviewed-on: https://go-review.googlesource.com/c/go/+/442816
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
---
 src/encoding/gob/doc.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/encoding/gob/doc.go b/src/encoding/gob/doc.go
index 04cb0ac471..15473f18b2 100644
--- a/src/encoding/gob/doc.go
+++ b/src/encoding/gob/doc.go
@@ -279,10 +279,11 @@ https://blog.golang.org/gobs-of-data
 
 # Security
 
-This package is not designed to be hardened against adversarial inputs. In
-particular, the Decoder does only basic sanity checking on decoded input sizes,
-and its limits are not configurable. Care should be taken when decoding gob data
-from untrusted sources, which may consume significant resources.
+This package is not designed to be hardened against adversarial inputs, and is
+outside the scope of https://go.dev/security/policy. In particular, the Decoder
+does only basic sanity checking on decoded input sizes, and its limits are not
+configurable. Care should be taken when decoding gob data from untrusted
+sources, which may consume significant resources.
 */
 package gob
 
-- 
2.50.0