diff --git a/en_US.ISO8859-1/articles/portbuild/article.xml b/en_US.ISO8859-1/articles/portbuild/article.xml
index 68b69da09e..c1d8b481af 100644
--- a/en_US.ISO8859-1/articles/portbuild/article.xml
+++ b/en_US.ISO8859-1/articles/portbuild/article.xml
@@ -2455,6 +2455,54 @@ zfs destroy -r a/snap/src-old-branch
Please talk to Mark Linimon before making any changes
to this section.
+
+ Notes on privilege separation
+
+ As of January 2013, a rewrite is in progress to further separate
+ privileges. The following concepts are introduced:
+
+
+
+ Server-side user portbuild assumes all
+ responsiblity for operations involving builds and communicating
+ with the clients. This user no longer has access to
+ sudo.
+
+
+
+ Server-side user srcbuild is created
+ and given responsiblity for operations involving both VCS
+ operations and anything involving src builds for the clients.
+ This user does not have access to
+ sudo.
+
+
+
+ The server-side
+ ports-arch
+ users go away.
+
+
+
+ None of the above server-side users have
+ ssh keys. Individual
+ portmgr will accomplish all those
+ tasks using ksu. (This is
+ still work-in-progress.)
+
+
+
+ The only client-side user is also named
+ portbuild and still has access to
+ sudo for the purpose of managing
+ jails.
+
+
+
+ This document has not yet been updated with the latest changes.
+
+
+
Basic installation
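Review bot: The list item stating that none of the server-side users have ssh keys leaves a gap next to the first item, which makes server-side portbuild responsible for communicating with the clients. Please say how that communication is meant to work without keys, and spell out which operations "all those tasks" covers for the portmgr members using ksu. Two smaller points: "responsiblity" is misspelled in both the portbuild and srcbuild items (should be "responsibility"), and the closing sentence "This document has not yet been updated with the latest changes" would serve readers better at the top of the new section, ahead of the list, so they know the rest of the article may still describe the old sudo-based setup.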