From 3dbbf761a8667ac2d832045537d78b3898823271 Mon Sep 17 00:00:00 2001
From: qoijjj <129108030+qoijjj@users.noreply.github.com>
Date: Mon, 30 Sep 2024 23:51:38 -0700
Subject: [PATCH] docs: add more details to recommended.md

---
 RECOMMENDED.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/RECOMMENDED.md b/RECOMMENDED.md
index c53e943..7f41437 100644
--- a/RECOMMENDED.md
+++ b/RECOMMENDED.md
@@ -1 +1,3 @@
 GNOME is the only desktop that secures privileged wayland protocols like screencopy. This means that on non-GNOME systems, applications can access screen content of the entire desktop. This implicitly includes the content of other applications. It's primarily for this reason that GNOME images are recommended. KDE has [plans](https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7) to fix this. 
+
+Also, while the Bluefin-based images have GNOME, they can't be shipped with `hardened_malloc`. This is because they are rechunked, which exposes an [ostree memory bug](https://github.com/ostreedev/ostree/issues/3303). They instead ship with `hardened_malloc-light` to mitigate this issue. `hardened_malloc-light` is a security downgrade compared to `hardened_malloc`, and for this reason the Bluefin images can't be recommended. Stick with the listed recommended images for a maximally secure experience.