From 0ea5ac68bca08036971484a8d9749e68916060ee Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Sat, 25 Feb 2017 14:17:01 +0100
Subject: man: document system extensions

---
 man/pass.1 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/man/pass.1 b/man/pass.1
index ea94f6d..ffbc405 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -33,7 +33,8 @@ or
 depending on the type of specifier in ARGS. Alternatively, if \fIPASSWORD_STORE_ENABLE_EXTENSIONS\fP
 is set to "true", and the file \fI.extensions/COMMAND.bash\fP exists inside the
 password store and is executable, then it is sourced into the environment,
-passing any arguments and environment variables.
+passing any arguments and environment variables. Extensions existing in a
+system-wide directory, only installable by the administrator, are always enabled.
 
 Otherwise COMMAND must be one of the valid commands listed below.
 
@@ -454,7 +455,7 @@ The location to look for executable extension files, by default
 \fIPASSWORD_STORE_DIR/.extensions\fP.
 .TP
 .I PASSWORD_STORE_SIGNING_KEY
-If this environment variable is set, then all \fB.gpg-id\fP files and extension files
+If this environment variable is set, then all \fB.gpg-id\fP files and non-system extension files
 must be signed using a detached signature using the GPG key specified by the full 40 character
 upper-case fingerprint in this variable. If multiple fingerprints are specified, each
 separated by a whitespace character, then signatures must match at least one.
-- 
cgit v1.2.3