From: Eric Wong <e@80x24.org>
Date: Sat, 30 Oct 2021 08:11:44 +0000 (+0000)
Subject: doc: lei-security: add a note about core dumps
X-Git-Tag: v1.7.0~25
X-Git-Url: http://www.git.stargrave.org/?a=commitdiff_plain;h=81d53eb6d390a3fbfc67e4630c1fded12688b134;p=public-inbox.git

doc: lei-security: add a note about core dumps

Maybe we can avoid them if we stop having buggy code :P
---

diff --git a/Documentation/lei-security.pod b/Documentation/lei-security.pod
index 8cbd8993..104bfb48 100644
--- a/Documentation/lei-security.pod
+++ b/Documentation/lei-security.pod
@@ -64,6 +64,12 @@ public-facing L<public-inbox-daemon(8)> processes.  They may
 reside on shared storage and may be made world-readable to
 other users on the local system.
 
+=head1 CORE DUMPS
+
+In case any process crashes, a core dumps may contain passwords or
+contents of sensitive messages.  Please report these so they can be
+fixed (see L</CONTACT>).
+
 =head1 NETWORK ACCESS
 
 lei currently uses the L<curl(1)> and L<git(1)> executables in