From 0b240c05a83fee728c6a177833bf618e0922fec4 Mon Sep 17 00:00:00 2001
From: Tom Rhodes <trhodes@FreeBSD.org>
Date: Wed, 11 Dec 2002 01:22:23 +0000
Subject: [PATCH] Remove old note, add a new note.  This has to do with use of
 extended attributes on ACLs.

Submitted by:	rwatson (original version)
---
 en_US.ISO8859-1/books/handbook/security/chapter.sgml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index da8e3191b0..32e4bb1f72 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -3511,10 +3511,12 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
       the file system.  This is supported natively in the next generation of
       the <acronym>UNIX</acronym> file system or <acronym>UFS2</acronym>.</para>
 
-    <note><para>The use of extended attributes on <acronym>UFS1</acronym> file
-      systems will lead to higher administration overhead and lower overall
-      file system performance.  <acronym>UFS2</acronym> does not have this
-      problem.</para></note>
+    <note><para>A higher level of administrative overhead is required to
+      configure extended attributes on <acronym>UFS1</acronym> than on
+      <acronym>UFS2</acronym>.  The performance of extended attributes
+      on <acronym>UFS2</acronym> is also substantially higher.  As a
+      result, <acronym>UFS2</acronym> is generally recommended in preference
+      to <acronym>UFS1</acronym> for use with access control lists.</para></note>
 
     <para>To enable <acronym>ACLs</acronym> on a file system, the <option>-a</option>
       option can be passed to &man.tunefs.8; in a manner similar to the Soft Updates