From 5acb7768560c2784f756ed5cfc88162c6759ce4e Mon Sep 17 00:00:00 2001
From: Nicholas Clark <nick@ccl4.org>
Date: Sat, 6 Dec 2008 15:07:55 +0000
Subject: Note perl5-security-report@perl.org in INSTALL. Must remember to
 mention it in the release announcement.

p4raw-id: //depot/perl@35039
---
 INSTALL | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'INSTALL')

diff --git a/INSTALL b/INSTALL
index 80a1f309e2..88525b94e3 100644
--- a/INSTALL
+++ b/INSTALL
@@ -2205,6 +2205,15 @@ attachments or encodings may actually reduce the number of people who
 read your message.  Your message will get relayed to over 400
 subscribers around the world so please try to keep it brief but clear.
 
+If the bug you are reporting has security implications, which make it
+inappropriate to send to a publicly archived mailing list, then please send
+it to perl5-security-report@perl.org. This points to a closed subscription
+unarchived mailing list, which includes all the core committers, who be able
+to help assess the impact of issues, figure out a resolution, and help
+co-ordinate the release of patches to mitigate or fix the problem across all
+platforms on which Perl is supported. Please only use this address for security
+issues in the Perl core, not for modules independently distributed on CPAN.
+
 If you are unsure what makes a good bug report please read "How to
 report Bugs Effectively" by Simon Tatham:
 http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
-- 
cgit v1.2.1