Diffstat (limited to 'README')
-rw-r--r-- README 10
1 files changed, 10 insertions, 0 deletions
diff --git a/README b/README
index 99bc000d..a568d0f5 100644
--- a/README
+++ b/README
@@ -26,6 +26,14 @@ of which classes and share which configuration. It might be nice to use
reclass[1], but then again a host is configured using simply haskell code,
and so it's easy to factor out things like classes of hosts as desired.
+## security
+
+Propellor's security model is that the hosts it's used to deploy are
+untrusted, and that the central git repository server is untrusted.
+
+The only trusted machine is the laptop where you run propellor --spin
+to connect to a remote host.
+
## bootstrapping and private data
To bootstrap propellor on a new host, use: propellor --spin $host
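Review bot: The new "## security" section says which parties are untrusted but not what "untrusted" means in practice or what enforces it. Suggest adding a sentence each on what a compromised deployed host and a compromised central git repository server are assumed unable to do, plus a pointer to the existing "bootstrapping and private data" and "using git://... securely" sections, which look like the places where the mechanisms are described. Also, "the laptop where you run propellor --spin" reads as if the trusted machine must be a laptop; "the machine where you run propellor --spin" would state the trust boundary more precisely.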
@@ -47,6 +55,8 @@ in such a file, use: propellor --set $host $field
The field name will be something like 'Password "root"'; see PrivData.hs
for available fields.
+
+
## using git://... securely
It's often easiest for a remote host to use a git:// or http://
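Review bot: The two added lines after "for available fields." are blank lines only and are unrelated to the security model text added in the first hunk. If they are meant to fix the spacing before "## using git://... securely", say so in the commit message or split them into a separate whitespace change; otherwise drop them.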