update security contact information.

Point out that the security-reporting email address now creates an RT
ticket. Also, consolidate this information purely within perlsec.pod, and
make all the other places link to it with L<>.

1 files changed, 4 insertions, 9 deletions

diff --git a/INSTALL b/INSTALL
index 60ccad1423..ec9235264e 100644
--- a/INSTALL
+++ b/INSTALL
@@ -2426,15 +2426,10 @@ attachments or encodings may actually reduce the number of people who
 read your message.  Your message will get relayed to over 400
 subscribers around the world so please try to keep it brief but clear.
 
-If the bug you are reporting has security implications, which make it
-inappropriate to send to a publicly archived mailing list, then please
-send it to perl5-security-report@perl.org. This points to a closed
-subscription unarchived mailing list, which includes all the core
-committers, who be able to help assess the impact of issues, figure out
-a resolution, and help co-ordinate the release of patches to mitigate or
-fix the problem across all platforms on which Perl is supported. Please
-only use this address for security issues in the Perl core, not for
-modules independently distributed on CPAN.
+If the bug you are reporting has security implications which make it
+inappropriate to send to a publicly archived mailing list, then see
+L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION>
+for details of how to report the issue.
 
 If you are unsure what makes a good bug report please read "How to
 report Bugs Effectively" by Simon Tatham: