From f7721aaaa14f789e911a61e5e946d618521920a9 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 19 Feb 2016 07:11:03 -0500 Subject: Good clarification from @dstufft --- docs/security.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/security.rst b/docs/security.rst index f937afb3..1cc1273d 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -28,8 +28,8 @@ To give a few examples of things we would consider security issues: Examples of things we wouldn't consider security issues: -* Offering ECB mode for symmetric encryption. Though ECB is critically weak, it - is documented as being weak in our documentation. +* Offering ECB mode for symmetric encryption in the *Hazmat* layer. Though ECB + is critically weak, it is documented as being weak in our documentation. * Using a variable time comparison somewhere, if it's not possible to articulate any particular program in which this would result in problematic information disclosure. -- cgit v1.2.3