From efdb4d8f443768e59529c299290bee8b1f8f93c3 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Sat, 7 Nov 2015 21:15:20 -0500
Subject: [PATCH] docs: Note not to put private keys in /usr/share/ostree

https://bugzilla.gnome.org/show_bug.cgi?id=757524
---
 doc/ostree.xml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/doc/ostree.xml b/doc/ostree.xml
index b83177f1..161ef0bc 100644
--- a/doc/ostree.xml
+++ b/doc/ostree.xml
@@ -425,10 +425,12 @@ Boston, MA 02111-1307, USA.
         <title>GPG verification</title>
 
         <para>
-            OSTree supports signing commits with GPG.  The
-            set of trusted keys is stored as keyring files in
-            <filename>/usr/share/ostree/trusted.gpg.d</filename>.  Any key in
-            any keyring in that directory may be used to sign commits.
+            OSTree supports signing commits with GPG.  The set of
+            trusted public keys is stored as keyring files in
+            <filename>/usr/share/ostree/trusted.gpg.d</filename>.  Any
+            public key in a keyring file in that directory will be
+            trusted by the client.  No private keys should be present
+            in this directory.
         </para>
     </refsect1>