From 7ae630559fc3e72920b4c61bad6214ebc5deea8f Mon Sep 17 00:00:00 2001 From: Brian Warner Date: Thu, 25 Apr 2013 19:14:17 -0700 Subject: [PATCH] NEWS: caution about secret introducer.furl in world-readable tahoe.cfg --- NEWS.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS.rst b/NEWS.rst index 19aacfbf..5bc827bb 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -32,7 +32,9 @@ Security Improvements to generate a new FURL, delete the existing ``introducer.furl`` file and restart it. After doing this, the ``[client]introducer.furl`` setting of every client and server that should connect to that introducer must be - updated. (`#1802`_) + updated. Note that other users of a shared machine may be able to read + ``introducer.furl`` from your ``tahoe.cfg`` file unless you configure the + file permissions to prevent them. (`#1802`_) - Both ``introducer.furl`` and ``helper.furl`` are now censored from the Welcome page, to prevent users of your gateway from learning enough to create gateway nodes of their own. For existing guessable introducer -- 2.37.2
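Review bot: The added sentence in the NEWS.rst hunk tells readers to "configure the file permissions to prevent them" but gives neither a target state nor a way to check it, so a reader on a shared machine still has to work out what safe looks like. Suggest stating the intended outcome directly, for example that ``tahoe.cfg`` (or the node directory that contains it) should be readable only by the account that runs the node. Two smaller points on the same lines: "read ``introducer.furl`` from your ``tahoe.cfg`` file" would be clearer as "read the ``[client]introducer.furl`` value from your ``tahoe.cfg`` file", matching the setting name used one sentence earlier and avoiding confusion with the ``introducer.furl`` file that the same bullet tells introducer operators to delete. The caution also covers only ``tahoe.cfg``; if the introducer's own ``introducer.furl`` file can be read by other local users in the same way, the note should mention it as well.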