From a95d7893c50e86435f568dbd4705c5d81c3a38ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= <bserie@evolix.fr>
Date: Fri, 18 Aug 2017 14:37:18 +0200
Subject: [PATCH] Add a comment about AcceptEnv

---
 evolinux-base/tasks/ssh.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/evolinux-base/tasks/ssh.yml b/evolinux-base/tasks/ssh.yml
index 9326b13c..b9cfd9e6 100644
--- a/evolinux-base/tasks/ssh.yml
+++ b/evolinux-base/tasks/ssh.yml
@@ -59,6 +59,8 @@
   notify: reload sshd
   when: evolinux_ssh_disable_root
 
+# We disable AcceptEnv because it can be a security issue, but also because we
+# do not want clients to push their environment variables like LANG.
 - name: disable AcceptEnv in ssh config
   replace:
     dest: /etc/ssh/sshd_config