fixup! fixup! Expand docs on passwords for remote APIs

author: Alexander Batischev <eual.jp@gmail.com> 2019-03-09 00:15:42 +0300
committer: Alexander Batischev <eual.jp@gmail.com> 2019-03-09 00:36:11 +0300
commit: a98301382829d1d0b49effe5f0bde12eb5dfa234 (patch)
tree: 0a19711dbd305c4963bbf326008c4bdd4a4cdd32
parent: c7e73e91e17a03b39ece1859da79ad7619c8066c (diff)
download: newsboat-a98301382829d1d0b49effe5f0bde12eb5dfa234.tar.gz
newsboat-a98301382829d1d0b49effe5f0bde12eb5dfa234.tar.zst
newsboat-a98301382829d1d0b49effe5f0bde12eb5dfa234.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/chapter-password.txt b/doc/chapter-password.txt
index 672b3f4c..bf6b9a77 100644
--- a/doc/chapter-password.txt
+++ b/doc/chapter-password.txt
@@ -35,6 +35,11 @@ Now every time they start Newsboat, GPG will be ran. It'll probably ask for
 keyring password, then decrypt the file, and pass its contents to Newsboat,
 which will use it to authenticate with the remote API.
 
+Note that Newsboat will keep the password in memory the entire time Newsboat is
+running. Other programs might be able to dump the memory and obtain the
+password. We don't currently have any protection from that; patches are
+welcome.
+
 The user might use any other command here; for example, they could fetch the
 password from GNOME keyring, KeePass, or somewhere else entirely. The
 possibilities are truly endless.
author	Alexander Batischev <eual.jp@gmail.com>	2019-03-09 00:15:42 +0300
committer	Alexander Batischev <eual.jp@gmail.com>	2019-03-09 00:36:11 +0300
commit	a98301382829d1d0b49effe5f0bde12eb5dfa234 (patch)
tree	0a19711dbd305c4963bbf326008c4bdd4a4cdd32
parent	c7e73e91e17a03b39ece1859da79ad7619c8066c (diff)
download	newsboat-a98301382829d1d0b49effe5f0bde12eb5dfa234.tar.gz newsboat-a98301382829d1d0b49effe5f0bde12eb5dfa234.tar.zst newsboat-a98301382829d1d0b49effe5f0bde12eb5dfa234.zip