From 0ac32cbb99ea49a9110bf5b2e00f2563a3095751 Mon Sep 17 00:00:00 2001
From: Michael Raskin <7c6f434c@mail.ru>
Date: Fri, 11 Jul 2008 08:01:09 +0000
Subject: [PATCH] Added comments about seccureKeys for configuration files
 encryption

svn path=/nixos/trunk/; revision=12342
---
 system/options.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/system/options.nix b/system/options.nix
index cbea9b26d969..7e232c242319 100644
--- a/system/options.nix
+++ b/system/options.nix
@@ -2467,7 +2467,13 @@
         default = /var/elliptic-keys/public;
 	description = "
 	  Public key. Make it path argument, so it is copied into store and
-	  hashed.
+	  hashed. 
+
+	  The key is used to encrypt Gateway 6 configuration in store, as it
+	  contains a password for external service. Unfortunately, 
+	  derivation file should be protected by other means. For example, 
+	  nix-http-export.cgi will happily export any non-derivation path,
+	  but not a derivation.
 	";
       };
       private = mkOption {