From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Wed, 3 Feb 2021 07:46:24 +0000 (+0100)
Subject: docs security policy: steal OARC link&text from https://www.isc.org/security-report/
X-Git-Tag: dnsdist-1.6.0-alpha2~62^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2c6d95507df0be38d5dab4692bda2fa364d2583c;p=thirdparty%2Fpdns.git

docs security policy: steal OARC link&text from https://www.isc.org/security-report/
---

diff --git a/docs/common/security-policy.rst b/docs/common/security-policy.rst
index ac7bf33b11..fbbbd34700 100644
--- a/docs/common/security-policy.rst
+++ b/docs/common/security-policy.rst
@@ -10,6 +10,8 @@ We fully credit reporters of security issues, and respond quickly, but please al
 We remind PowerDNS users that under the terms of the GNU General Public License, PowerDNS comes with ABSOLUTELY NO WARRANTY.
 This license is included in this documentation.
 
+If you believe you have found a security vulnerability that applies to DNS implementations generally, and you want to report this responsibly to a number of implementers, you might consider also using the `Open Source DNS Vulnerability mailing list <https://www.dns-oarc.net/oarc/oss-dns-vulns/>`_, managed by `DNS-OARC <https://www.dns-oarc.net/>`_.
+
 HackerOne
 ^^^^^^^^^
 Security issues can also be reported on `our HackerOne page <https://hackerone.com/powerdns>`_ and might fetch a bounty.