docs security policy: steal OARC link&text from https://www.isc.org/security-report/

author Peter van Dijk <peter.van.dijk@powerdns.com>

Wed, 3 Feb 2021 07:46:24 +0000 (08:46 +0100)

committer Peter van Dijk <peter.van.dijk@powerdns.com>

Wed, 3 Feb 2021 07:46:24 +0000 (08:46 +0100)
author Peter van Dijk <peter.van.dijk@powerdns.com>
Wed, 3 Feb 2021 07:46:24 +0000 (08:46 +0100)
committer Peter van Dijk <peter.van.dijk@powerdns.com>
Wed, 3 Feb 2021 07:46:24 +0000 (08:46 +0100)
diff --git a/docs/common/security-policy.rst b/docs/common/security-policy.rst

index ac7bf33b1116a6c8c85ed314822922e80b8e9c5c..fbbbd3470029d4dd6dd83c45f137812fae198637 100644 (file)
--- a/docs/common/security-policy.rst
+++ b/docs/common/security-policy.rst
@@ -10,6 +10,8 @@ We fully credit reporters of security issues, and respond quickly, but please al
  We remind PowerDNS users that under the terms of the GNU General Public License, PowerDNS comes with ABSOLUTELY NO WARRANTY.
  This license is included in this documentation.
  
+If you believe you have found a security vulnerability that applies to DNS implementations generally, and you want to report this responsibly to a number of implementers, you might consider also using the `Open Source DNS Vulnerability mailing list <https://www.dns-oarc.net/oarc/oss-dns-vulns/>`_, managed by `DNS-OARC <https://www.dns-oarc.net/>`_.
+
  HackerOne
  ^^^^^^^^^
  Security issues can also be reported on `our HackerOne page <https://hackerone.com/powerdns>`_ and might fetch a bounty.
author	Peter van Dijk <peter.van.dijk@powerdns.com>
	Wed, 3 Feb 2021 07:46:24 +0000 (08:46 +0100)
committer	Peter van Dijk <peter.van.dijk@powerdns.com>
	Wed, 3 Feb 2021 07:46:24 +0000 (08:46 +0100)