From 4352e125df562558c707b9e9f068b3aff23ccd73 Mon Sep 17 00:00:00 2001
From: Andrew Engelbrecht <andrew@engelbrecht.io>
Date: Mon, 12 Sep 2022 22:29:42 -0400
Subject: [PATCH] security note pertaining to backup pruning

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 5fa802c..e331526 100644
--- a/README.md
+++ b/README.md
@@ -111,6 +111,12 @@ The rest-server's `--append-only` mode is meant to prevent infected machines
 from deleting their own past backups. Target machines are still able to push
 new backups, and to read archived data.
 
+**Security limitation:** The remote client backed up via Kaya runs the restic
+command, so it has control over setting time stamp metadata for new backups. If
+malicious time stamps are set by the client, and you then prune your backups,
+legitimate backups you want to keep may be automatically removed, leaving
+illegitimate ones.
+
 ## Contributing
 
 If you'd like to contribute to Kaya, feel free to open an issue or pull
-- 
2.25.1