--- a/doc/security	Tue Oct 13 10:41:24 2009 +0100
+++ b/doc/security	Tue Oct 13 12:03:23 2009 +0100
@@ -1,18 +1,19 @@
 SECURITY OF MERCURIAL-SERVER
 
-mercurial-server relies entirely on sshd to grant access to remote users. As a
-result, it runs no daemons, installs no setuid programs, and no part of it
-runs as root except the install process: all programs run as the user hg. And
-any attack on mercurial-server can only be started if the Bad Guys already
-have a public key in ~hg/.ssh/authorized_keys, otherwise sshd will bar the
-way. No matter what command the user tries to run on the remote system via
-ssh, mercurial-server is run. 
+mercurial-server relies entirely on sshd to grant access to remote users.
+As a result, it runs no daemons, installs no setuid programs, and no part
+of it runs as root except the install process: all programs run as the user
+hg. And any attack on mercurial-server can only be started if the Bad Guys
+already have a public key in ~hg/.ssh/authorized_keys, otherwise sshd will
+bar the way.
 
-It parses the command line the user asked for, and interprets and runs the
-corresponding hg operation itself if access is allowed, so users can only read
-and add to history within repositories; they cannot run any other hg command.
-In addition, every push and pull is logged with a datestamp, changeset ID and
-the key that performed the operation.
+No matter what command the user tries to run on the remote system via ssh,
+mercurial-server is run. It parses the command line the user asked for, and
+interprets and runs the corresponding hg operation itself if access is
+allowed, so users can only read and add to history within repositories;
+they cannot run any other hg command. In addition, every push and pull is
+logged with a datestamp, changeset ID and the key that performed the
+operation.
 
 However, while the first paragraph holds no matter what bugs
 mercurial-server contains, the second depends on the relevant code being