X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=FAQ;h=9543e4ab0722e51837076636b2265b7b60d1544d;hb=f1982acc125341b0a92b6a90da1f775f88a2208d;hp=d42f60b14421b0a9a904c01d5486c879d0119702;hpb=372566bd993f1066fae99e92b2a489bdaf966a22;p=openssl.git

diff --git a/FAQ b/FAQ
index d42f60b144..9543e4ab07 100644
--- a/FAQ
+++ b/FAQ
@@ -738,6 +738,7 @@ never make sense, and tend to emerge when you least expect them. In order
 to identify one, drop optimization level, e.g. by editing CFLAG line in
 top-level Makefile, recompile and re-run the test.
 
+
 * I think I've found a bug, what should I do?
 
 If you are a new user then it is quite likely you haven't found a bug and
@@ -746,6 +747,10 @@ documentation and the mailing lists for similar queries. If you are still
 unsure whether it is a bug or not submit a query to the openssl-users mailing
 list.
 
+If you think you have found a bug based on the output of static analysis tools
+then please manually check the issue is genuine. Such tools can produce a
+LOT of false positives.
+
 
 * I'm SURE I've found a bug, how do I report it?
 
@@ -776,7 +781,9 @@ See also <URL: http://www.openssl.org/support/rt.html>
 If you think your bug has security implications then please send it to
 openssl-security@openssl.org if you don't get a prompt reply at least 
 acknowledging receipt then resend or mail it directly to one of the
-more active team members (e.g. Steve).
+more active team members (e.g. Steve). If you wish to use PGP to send
+in a report please use one or more of the keys of the team members listed
+at <URL: http://www.openssl.org/about/>
 
 [PROG] ========================================================================