From 35d04a0848d8648807672e2ac1ba73ff7bbaee3a Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Tue, 27 May 2025 17:05:05 +0200 Subject: [PATCH] README: Set expectations straight Fixes #913. --- README.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e1848dfd1..d3deaa01c 100644 --- a/README.md +++ b/README.md @@ -11,8 +11,6 @@ The git repository is hosted on GNOME's GitLab server: Bugs should be reported at . -Please report *security issues* to our bug tracker as well. Make sure to -mark the issue as *confidential*. Documentation is available at @@ -21,6 +19,14 @@ Documentation is available at This code is released under the MIT License, see the Copyright file. +## Security + +This is open-source software written by hobbyists, maintained by a single +volunteer, badly tested, written in a memory-unsafe language and full of +security bugs. It is foolish to use this software to process untrusted data. +As such, we treat security issues like any other bug. Each security report +we receive will be made public immediately and won't be prioritized. + ## Build instructions libxml2 can be built with GNU Autotools, CMake or meson.
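Review bot: In the first README.md hunk (@@ -11,8 +11,6), both sentences about security reports are removed, so the "Bugs should be reported at" paragraph no longer says where a security issue should go. Only the second sentence (the request to mark the issue as *confidential*) conflicts with the new policy. I would keep "Please report *security issues* to our bug tracker as well." or replace it with a pointer to the new Security section, so a reporter reading this paragraph still learns that the ordinary tracker is the right place.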
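Review bot: In the second hunk (@@ -21,6 +19,14), the sentence "Each security report we receive will be made public immediately and won't be prioritized." states the outcome but not the procedure. It does not say whether a report that is still filed as confidential gets its flag removed by the maintainer, or whether confidential issues opened before this change are affected. One added sentence covering both cases would tell reporters and downstream packagers exactly what to expect. The commit message also gives no rationale beyond "Fixes #913", so a short summary of the reasoning there would help readers of the log who do not follow the issue tracker.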