encoding/gob: note pacakge not covered by security policy

And add a link. Resolves a comment left on http://go.dev/cl/436096
after it was submitted.

Change-Id: I2847d29134ffb4fee2b0ea37842cdf57df55ec0c
Reviewed-on: https://go-review.googlesource.com/c/go/+/442816
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>

diff --git a/src/encoding/gob/doc.go b/src/encoding/gob/doc.go
index 04cb0ac471ea65d41d2214696cabd67a3a17bc9d..15473f18b2de6d389b9975ba97a74a9185b4c4f4 100644 (file)
--- a/src/encoding/gob/doc.go
+++ b/src/encoding/gob/doc.go
@@ -279,10 +279,11 @@ https://blog.golang.org/gobs-of-data
 
 # Security
 
-This package is not designed to be hardened against adversarial inputs. In
-particular, the Decoder does only basic sanity checking on decoded input sizes,
-and its limits are not configurable. Care should be taken when decoding gob data
-from untrusted sources, which may consume significant resources.
+This package is not designed to be hardened against adversarial inputs, and is
+outside the scope of https://go.dev/security/policy. In particular, the Decoder
+does only basic sanity checking on decoded input sizes, and its limits are not
+configurable. Care should be taken when decoding gob data from untrusted
+sources, which may consume significant resources.
 */
 package gob