summaryrefslogtreecommitdiff
path: root/doc/security.mdwn
diff options
context:
space:
mode:
authorJoey Hess2014-11-18 17:33:08 -0400
committerJoey Hess2014-11-18 17:33:08 -0400
commiteaa460c04bfa65f566693c9262c591890d506725 (patch)
tree1f2a67bfb20d1eac77db37e66cd9159d52db40dc /doc/security.mdwn
parent74e067fa7640847cb0395ab4bf17c1d01c3b9349 (diff)
doc updates
Diffstat (limited to 'doc/security.mdwn')
-rw-r--r--doc/security.mdwn3
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 075d68ec..bcbc28ed 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -1,5 +1,6 @@
Propellor's security model is that the hosts it's used to deploy are
-untrusted, and that the central git repository server is untrusted too.
+untrusted, and that the central git repository server, if any,
+is untrusted too.
The only trusted machine is the laptop where you run `propellor --spin`
to connect to a remote host. And that one only because you have a ssh key