# HG changeset patch
# User Paul Crowley <paul@lshift.net>
# Date 1255600832 -3600
# Node ID 02b464a6b43314c3f10f8395f8d4e6ac6096fefc
# Parent  dc4ed4edb458f0ebd64c4c40aef92901f89127f4
Improvements to how it works section

diff -r dc4ed4edb458 -r 02b464a6b433 doc/manual.docbook
--- a/doc/manual.docbook	Thu Oct 15 10:57:25 2009 +0100
+++ b/doc/manual.docbook	Thu Oct 15 11:00:32 2009 +0100
@@ -365,9 +365,10 @@
 Each SSH key that has access to the repository has an entry in
 <filename>~hg/.ssh/authorized_keys</filename>; this is how the SSH daemon
 knows to give that key access. When the user connects over SSH, their
-commands are run in a specially crafted restricted shell; this shell knows
-which key was used to connect, determines what the user is trying to do,
-and checks the access rules to decide whether to allow it.  
+commands are run in a custom restricted shell; this shell knows which key
+was used to connect, determines what the user is trying to do, checks the
+access rules to decide whether to allow it, and if allowed invokes
+Mercurial internally, without forking.
 </para>
 <para>
 This restricted shell also ensures that certain Mercurial extensions are