encoding/gob: note pacakge not covered by security policy

And add a link. Resolves a comment left on http:https://go.dev/cl/436096 after it was submitted. Change-Id: I2847d29134ffb4fee2b0ea37842cdf57df55ec0c Reviewed-on: https://go-review.googlesource.com/c/go/+/442816 Reviewed-by: Julie Qiu <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> Auto-Submit: Roland Shoemaker <[email protected]> TryBot-Result: Gopher Robot <[email protected]>
cloudflare · Oct 13, 2022 · 36ca37f · 36ca37f
1 parent 1ef685f
commit 36ca37f
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/src/encoding/gob/doc.go b/src/encoding/gob/doc.go
@@ -279,10 +279,11 @@ https://blog.golang.org/gobs-of-data
 
 # Security
 
-This package is not designed to be hardened against adversarial inputs. In
-particular, the Decoder does only basic sanity checking on decoded input sizes,
-and its limits are not configurable. Care should be taken when decoding gob data
-from untrusted sources, which may consume significant resources.
+This package is not designed to be hardened against adversarial inputs, and is
+outside the scope of https://go.dev/security/policy. In particular, the Decoder
+does only basic sanity checking on decoded input sizes, and its limits are not
+configurable. Care should be taken when decoding gob data from untrusted
+sources, which may consume significant resources.
 */
 package gob