From 6e91622a4c6e7a84a5d722462dea21b08b478dab Mon Sep 17 00:00:00 2001
From: Rolf Leggewie <foss@rolf.leggewie.biz>
Date: Tue, 17 Apr 2018 15:16:55 +0800
Subject: [PATCH] README: talk a bit about security implications of an
 abandoned upstream

---
 debian/README.Debian | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/debian/README.Debian b/debian/README.Debian
index 948c2d2..3e61212 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -19,6 +19,21 @@ remote address to test your network
 
 For more info check http://www.ntop.org/n2n
 
+SECURITY
+--------
+
+n2n was abandoned upstream many years ago.  It is also a leaf package in use by
+only a limited number of users.  Therefore, users should take into account the
+possibility of security vulnerabilities in the VPNs it creates.  n2n is probably
+not the best solution for you if you need a very high level of security for your
+communications going over the VPN.  Consider one of the alternatives like
+freelan, another p2p VPN solution available in Debian and its derivatives.
+
+That being said, n2n is still in use on an almost daily basis by the Debian
+maintainer who is not aware of any exploits.  He likes n2n for its availability
+on a number of platforms including routers (OpenWRT, Freetz), low footprint,
+simple configuration and independence from a trusted central relay.
+
 TROUBLESHOOTING
 ---------------