diff --git a/web/documentation/security.org b/web/documentation/security.org
index c724827..5924dc6 100644
--- a/web/documentation/security.org
+++ b/web/documentation/security.org
@@ -1,29 +1,32 @@
 #+TITLE: GnuPG - Security
 #+STARTUP: showall
 #+SETUPFILE: "../share/setup.inc"
 
 * Security
 
 The GnuPG Project takes the security of software it develops very
 seriously.  In general we prefer a [[https://en.wikipedia.org/wiki/Full_disclosure_(computer_security)][full disclosure]] approach and all
 bugs listed in our [[file:bts.org][bug tracker]] as well as code changes in our [[../download/git.org][software
 repository]] are public.  Given that GnuPG is an important part of many
 software distributions and severe bugs in GnuPG would affect their
 users directly, we co-ordinate with them in private as soon as we
 learn about a severe vulnerability.
 
 Sometimes we receive pre-notifications of research which may lead to a
 new kind of vulnerability.  In these cases we may work with the
 researchers in private on a solution and co-ordinate our fix release
 with them.
 
 ** Security contact
 
 If you found a *severe* security problem and you do not want to
-publish it, please report it by mail to security at gnupg.org.
+publish it, please report it by mail to security at gnupg.org.  We
+prefer reports in plain text format; if needed we can also work with
+PDF files.  For security reasons we won't read any other complex data
+formats (e.g. docx or odt).
 
 Note that we do not use a team OpenPGP key.  Thus please write a
 non-encrypted message to the security address and ask for the keys of
 the developers at duty and then encrypt the mail to all of them.  A
 list of our core developers can be found [[../people/index.org][here]]; they are all active on
 the gnupg-devel mailing list.