]> git.rkrishnan.org Git - tahoe-lafs/tahoe-lafs.git/blobdiff - NEWS.rst
projects / tahoe-lafs / tahoe-lafs.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
NEWS: caution about secret introducer.furl in world-readable tahoe.cfg
[tahoe-lafs/tahoe-lafs.git] / NEWS.rst
diff --git a/NEWS.rst b/NEWS.rst
index 19aacfbf1d0844039237d604f6a85e64a0795a46..5bc827bb70cde3f2b461cb840507948ee2574919 100644 (file)
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -32,7 +32,9 @@ Security Improvements
   to generate a new FURL, delete the existing ``introducer.furl`` file and
   restart it. After doing this, the ``[client]introducer.furl`` setting of
   every client and server that should connect to that introducer must be
-  updated. (`#1802`_)
+  updated. Note that other users of a shared machine may be able to read
+  ``introducer.furl`` from your ``tahoe.cfg`` file unless you configure the
+  file permissions to prevent them. (`#1802`_)
 - Both ``introducer.furl`` and ``helper.furl`` are now censored from the
   Welcome page, to prevent users of your gateway from learning enough to
   create gateway nodes of their own.  For existing guessable introducer
Unnamed repository; edit this file 'description' to name the repository.