From 8a27f027a2ffe42b1ebb4c29aae1dccdcf362cf9 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 19 Jun 2020 12:13:11 +0200 Subject: clarify CodeBlau op sec question --- taler-auditor-manual.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'taler-auditor-manual.rst') diff --git a/taler-auditor-manual.rst b/taler-auditor-manual.rst index 82b206ec..f5cca273 100644 --- a/taler-auditor-manual.rst +++ b/taler-auditor-manual.rst @@ -59,7 +59,11 @@ to other parties. To perform this duty, you will need at least (read-only) access to the bank transactions of the exchange, as well as a continuously synchronized replica -of the exchange's database. +of the exchange's database. The general assumption for running the auditor +is that this is done on a separate system controlled by the auditor. After +all, the goal is to detect nerfarious activity of the exchange operator, +which cannot be effectively done on a machine controlled by the exchange +operator. For this, every auditor needs to operate a Postgres database. The data collected will include sensitive information about Taler users, including -- cgit v1.2.3
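Review bot: In the added text of the taler-auditor-manual.rst hunk (@@ -59,7 +59,11 @@), "nerfarious" is a typo for "nefarious". The same sentence presents the separate, auditor-controlled system as a "general assumption", while the rationale that follows says detection "cannot be effectively done on a machine controlled by the exchange operator". Consider wording it as a requirement, for example "the auditor must be run on a separate system controlled by the auditor", so that operators do not read the separation as optional. Since the unchanged context right after it says the auditor's Postgres database will hold sensitive information about Taler users, the new paragraph could also make explicit that the database replica lives on that auditor-controlled system as well.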