https://bugzilla.gnome.org/show_bug.cgi?id=757524
<title>GPG verification</title>
<para>
- OSTree supports signing commits with GPG. The
- set of trusted keys is stored as keyring files in
- <filename>/usr/share/ostree/trusted.gpg.d</filename>. Any key in
- any keyring in that directory may be used to sign commits.
+ OSTree supports signing commits with GPG. The set of
+ trusted public keys is stored as keyring files in
+ <filename>/usr/share/ostree/trusted.gpg.d</filename>. Any
+ public key in a keyring file in that directory will be
+ trusted by the client. No private keys should be present
+ in this directory.
</para>
</refsect1>
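Review bot: The added sentence "Any public key in a keyring file in that directory will be trusted by the client" no longer says what the keys are trusted for, which the removed text stated ("may be used to sign commits"). Suggest keeping the scope explicit, for example "will be trusted by the client when verifying signed commits", so the reader does not have to infer it from the first sentence of the paragraph. The closing sentence "No private keys should be present in this directory" states the rule without a reason; a short clause noting that only public keys are needed to verify signatures would make the intent clear.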