injection attacks; each host only receives its own configuration and no data
from other hosts
- *safety and security*: create files with "write to temporary file", "sync",
- "rename", "sync directory" for atomicity and durability; guard against
- symlink and other TOCTOU attacks; extensive test suite
+ "rename", "sync directory" for atomicity and durability; implemented in a
+ memory safe language and using a simple synchronization protocol to prevent
+ attacks on the local host; guard against symlink and other TOCTOU attacks;
+ extensive test suite
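Review bot: The added clause "implemented in a memory safe language and using a simple synchronization protocol to prevent attacks on the local host" does not say who the attacker is or what the protocol is meant to rule out, so a reader cannot tell what is being promised. Name the threat the clause has in mind and state the property the protocol gives. The clause also sits between the atomic-write steps and the symlink/TOCTOU item, which are both about file creation on the remote; moving it to its own bullet, or to the end of this one, would keep those two together.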
== Overview
- Commands are executed with `/bin/sh -c` on the remote host which might leak
sensitive information to other users via the command line (unless `/proc` is
- mounted with `hidepid=`). Store sensitive data in a file and execute or
- source it as a workaround.
+ mounted with `hidepid=` on GNU/Linux systems). Store sensitive data in a
+ file and execute or source it as a workaround.
- Permissions of existing files and directories will be overwritten with the
default (root/root, 0644 for files, 0755 for directories) unless manually
configured via `permissions.yaml`. This includes important paths like
`/root` which often have strict permissions by default, so carefully check
- the diff output for unwanted changes.
+ the output for unwanted changes.
- The full file content of all files is sent to the remote during
synchronization. This makes it impractical to synchronize large files with
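Review bot: Adding "on GNU/Linux systems" to the `hidepid=` parenthetical leaves the sentence silent about the other systems this same change lists as helper targets (freebsd, openbsd). The `/bin/sh -c` command line is the concern on every target, so either say that the exposure also applies there and that only the `hidepid=` mitigation is Linux-specific, or point those users straight to the "store sensitive data in a file" workaround. Separately, replacing "the diff output" with "the output" in the permissions item is less specific; name which output the reader should check for changes to paths like `/root`.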
== Requirements
- to build the `safcm` binary and remote helper:
- * Go >= 1.16
+ * Go >= 1.16 (for `go:embed`, `io/fs`)
* GNU make
- local host:
Adding support for other operating systems (e.g. BSDs) or distributions
including package managers (e.g. Arch, Gentoo) is easy. Please send patches.
+At the moment the remote helper is built for the following operating systems
+($GOOS) and architectures ($GOARCH). To add more architectures simply edit
+`cmd/safcm-remote/build.sh`.
+
+ - freebsd: amd64
+ - linux: amd64, armv7
+ - openbsd: amd64
+
== Authors
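Review bot: The new list is introduced as operating systems ($GOOS) and architectures ($GOARCH), but "armv7" is not a GOARCH value; in the Go toolchain that target is GOARCH=arm with GOARM=7. Someone editing `cmd/safcm-remote/build.sh` to add an architecture will copy the notation from here, so either write the entry as "arm (GOARM=7)" or drop the $GOARCH label and describe the list as platform names. The unchanged paragraph just above still gives BSDs as an example of operating systems that need patches, while this list shows freebsd and openbsd helpers being built; a sentence separating "helper is built for" from "fully supported" would remove the apparent contradiction. $GOOS and $GOARCH should also be in backticks to match `cmd/safcm-remote/build.sh`.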