From b655d69c05f1813ca17c95b976edba791a52ade9 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Sun, 26 Jan 2020 16:42:37 +0100
Subject: clarify notes

---
 SECURITY.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/SECURITY.md b/SECURITY.md
index 678ed8b80..66d512feb 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -14,7 +14,9 @@ libgphoto2 only processes images to provide standard formats. For JPEG
 images the libexif library is used for extraction of EXIF data.
 
 Callers of the library can be assumed trusted, also input coming into
-the library is considered trusted.
+the library via API calls is considered trusted.
+
+Data coming from port drivers (USB, serial, IP, etc) is considered untrusted.
 
 Historically the primary development goals was "make it work", without
 security in mind.
-- 
cgit v1.2.1