diff --git a/net/rsync/pkg/SECURITY b/net/rsync/pkg/SECURITY
new file mode 100644
index 00000000000..d5587fd58ac
--- /dev/null
+++ b/net/rsync/pkg/SECURITY
@@ -0,0 +1,6 @@
+$OpenBDS$
+
+${WRKDIR}/receiver.c
+	call to mktemp (wrapper function do_mktemp) does seem to be correct.
+
+The server makes extensive use of strlcpy/strlcat/snprintf.