From 71f63ef0fd4e3ec0a10e88e1153366a314d1195b Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Thu, 1 Mar 2018 12:58:04 -0500 Subject: [PATCH] Document known vs. trusted users and their implicatinos --- README.md | 29 ++++++++++++++++++++++++++--- config.extra-known-users.json | 1 - config.public.json | 2 +- 3 files changed, 27 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 78206c4..ec0ff37 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,10 @@ ## Automatic Building -Users who are _trusted_ (see: ./config.public.json) or _known_ (see: -./config.known-users.json) will have their PRs automatically trigger -builds if their commits follow the well-defined format of Nixpkgs. +Users who are _trusted_ or _known_ (see: Trusted Users vs Known Users) +will have their PRs automatically trigger builds if their commits +follow the well-defined format of Nixpkgs. + Example messages and the builds: |Message|Automatic Build| @@ -104,6 +105,28 @@ This is will build `list`, `of`, `attrs`, `looks`, `good`, `to`, `me!`: @grahamcofborg build list of attrs looks good to me! ``` +## Trusted Users vs Known Users + +Known users have their builds executed on platforms with working +sandboxing. At the time of writing, that means: + + - `x86_64-linux` + - `aarch64_linux` + +Trusted users have their builds executed on _all_ platforms, even if +they don't have good sandboxing. This opens the host up to a higher +risk of security issues, so only well known, trusted member of the +community should be added to the trusted user list. + +At the time of writing, trusted users have their builds run on the +following platforms: + + - `x86_64-linux` + - `aarch64_linux` + - `x86_64-darwin` + +See ./config.public.json and ./config.known-users.json for a list of +all the trusted and known users. # How does OfBorg call nix-build? diff --git a/config.extra-known-users.json b/config.extra-known-users.json index 22a7dc7..9d015b2 100644 --- a/config.extra-known-users.json 
+++ b/config.extra-known-users.json
@@ -1,6 +1,5 @@
 [
 "bhipple",
- "dotlambda",
 "dywedir",
 "unode"
 ]
diff --git a/config.public.json b/config.public.json
index 724cb06..33509c7 100644
--- a/config.public.json
+++ b/config.public.json
@@ -23,7 +23,7 @@
 "dtzwill",
 "edolstra",
 "ericson2314",
- "flokli",
+ "flokli",
 "fpletz",
 "fridh",
 "garbas",