From 0abb205b47158a4160ddceb317c0245d640b6e3f Mon Sep 17 00:00:00 2001
From: Matthew Hodgson <matthew@matrix.org>
Date: Mon, 18 Dec 2017 01:52:46 +0000
Subject: blindly incorporate PR review - needs testing & fixing

---
 synapse/rest/client/v2_alpha/room_keys.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'synapse/rest/client/v2_alpha')

diff --git a/synapse/rest/client/v2_alpha/room_keys.py b/synapse/rest/client/v2_alpha/room_keys.py
index 128b732fb1..70b7b4573f 100644
--- a/synapse/rest/client/v2_alpha/room_keys.py
+++ b/synapse/rest/client/v2_alpha/room_keys.py
@@ -68,6 +68,8 @@ class RoomKeysServlet(RestServlet):
          * lower forwarded_count always wins over higher forwarded_count
 
         We trust the clients not to lie and corrupt their own backups.
+        It also means that if your access_token is stolen, the attacker could
+        delete your backup.
 
         POST /room_keys/keys/!abc:matrix.org/c0ff33?version=1 HTTP/1.1
         Content-Type: application/json
-- 
cgit 1.4.1