From 5446aac0e539a465a37efbe80c1608f718fe03b6 Mon Sep 17 00:00:00 2001
From: Sally O'Malley <somalley@redhat.com>
Date: Fri, 4 Sep 2015 10:28:35 -0400
Subject: [PATCH] add --insecure-registry warning to online docs

Signed-off-by: Sally O'Malley <somalley@redhat.com>
---
 docs/reference/commandline/daemon.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md
index 632857c94c..22394b72a8 100644
--- a/docs/reference/commandline/daemon.md
+++ b/docs/reference/commandline/daemon.md
@@ -448,6 +448,12 @@ Local registries, whose IP address falls in the 127.0.0.0/8 range, are
 automatically marked as insecure as of Docker 1.3.2. It is not recommended to
 rely on this, as it may change in the future.
 
+Enabling `--insecure-registry`, i.e., allowing un-encrypted and/or untrusted
+communication, can be useful when running a local registry.  However, 
+because its use creates security vulnerabilities it should ONLY be enabled for
+testing purposes.  For increased security, users should add their CA to their 
+system's list of trusted CAs instead of enabling `--insecure-registry`.
+
 ## Running a Docker daemon behind a HTTPS_PROXY
 
 When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub