sec docs: explicitly note what happens OUTSIDE the attack model

(cherry picked from commit 674ce72fda)
2025-01-31 11:42:05 +00:00 · 2018-01-10 12:31:06 +01:00 · 2018-01-10 12:31:06 +01:00 · ac0b9fbdae
commit ac0b9fbdae
parent d7ec959ce2
1 changed files with 4 additions and 0 deletions
--- a/docs/internals/security.rst
+++ b/docs/internals/security.rst
@ -37,6 +37,10 @@ Under these circumstances Borg guarantees that the attacker cannot
 The attacker can always impose a denial of service per definition (he could
 forbid connections to the repository, or delete it entirely).

+When the above attack model is extended to include multiple clients
+independently updating the same repository, then Borg fails to provide
+confidentiality (i.e. guarantees 3) and 4) do not apply any more).
+
 .. _security_structural_auth:

 Structural Authentication