From 2de5ab41201c561a2684f15196ce37b0f34038a9 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@whonix.org>
Date: Mon, 6 Nov 2023 13:47:30 -0500
Subject: [PATCH] clarify scope of application specific hardening

fixes https://github.com/Kicksecure/security-misc/issues/154
---
 README.md | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 3150c4b..c80d04c 100644
--- a/README.md
+++ b/README.md
@@ -457,10 +457,22 @@ See:
     * Disables all and any kind of telemetry.
 * Security and privacy enhancements for gnupg's config file
 `/etc/skel/.gnupg/gpg.conf`. See also:
+    * https://raw.github.com/ioerror/torbirdy/master/gpg.conf
+    * https://github.com/ioerror/torbirdy/pull/11
 
-https://raw.github.com/ioerror/torbirdy/master/gpg.conf
+### project scope of application-specific hardening
 
-https://github.com/ioerror/torbirdy/pull/11
+Before sending pull requests to harden arbitrary applications, please note the scope of security-misc is limited to default installed applications in Kicksecure, Whonix. This includes:
+
+* Thunderbird, VLC Media Player, KeepassXC
+* Debian Specific System Components (APT, DPKG)
+* System Services (NetworkManager IPv6 privacy options, MAC address randomization)
+* Actually used development utilities such as `git`.
+
+It will not be possible to review and merge "1500" settings profiles for arbitrary applications outside of this context.
+
+Discussion:
+https://github.com/Kicksecure/security-misc/issues/154
 
 ## Opt-in hardening