From c6d6fbb9337328752e155ef0f2ec15d58ce41834 Mon Sep 17 00:00:00 2001
From: Wonderfall <wonderfall@protonmail.com>
Date: Thu, 4 Feb 2021 15:04:43 +0100
Subject: [PATCH] Update README.md

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index 7e8dbdb..f289582 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,9 @@ A GNU Social-compatible microblogging server : https://github.com/tootsuite/mast
 #### Why this image?
 This image is not the official one. The main difference you can notice is that all processes (web, streaming, sidekiq) are running in a single container, thanks to s6 (a supervision suite). Therefore it's easier to deploy, but not recommended for scaling.
 
+#### Security
+As many images from the time it was first made, this image follows the principle of degrading privileges. It runs first as root to ensure permissions are set correctly and then only makes use of the UID/GID of your choice. While I agree it's not perfect (due to Linux insecurity), it seemed the best security/comfort balance at the time and it'll remain so for a while.
+
 #### Features
 - Based on Alpine Linux.
 - As lightweight as possible.