From 2efd4458f4db7f489ecc81f4039b8e8103edf9d9 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 16 Feb 2021 17:24:31 +0100
Subject: Don't load configuration files from ./ by default.

This is a breaking change: lacme(8) resp. lacme-accountd(1) no longer
consider ./lacme.conf resp. ./lacme-accountd.conf as default location
for the configuration file.  Doing so has security implications when
running these program from insecure directories.
---
 lacme.8.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'lacme.8.md')

diff --git a/lacme.8.md b/lacme.8.md
index cea5298..bc711ed 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -131,10 +131,9 @@ Configuration file
 ==================
 
 If `--config=` is not given, `lacme` uses the first existing
-configuration file among *./lacme.conf*,
-*$XDG_CONFIG_HOME/lacme/lacme.conf* (or *~/.config/lacme/lacme.conf* if
-the `XDG_CONFIG_HOME` environment variable is not set), and
-*@@sysconfdir@@/lacme/lacme.conf*.
+configuration file among *$XDG_CONFIG_HOME/lacme/lacme.conf* (or
+*~/.config/lacme/lacme.conf* if the `XDG_CONFIG_HOME` environment
+variable is not set), and *@@sysconfdir@@/lacme/lacme.conf*.
 Valid options are:
 
 Default section
-- 
cgit v1.2.3