From 32ea1285abe91da7cc2a11df2c7608c407d51bf0 Mon Sep 17 00:00:00 2001
From: Jannis Leidel
Date: Sun, 26 Jun 2011 16:52:01 +0000
Subject: [PATCH] Fixed #16285 -- Removed a misleading comment from the signing code, thanks PaulM.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/core/signing.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/django/core/signing.py b/django/core/signing.py
index 054777a260..fadeb8a923 100644
--- a/django/core/signing.py
+++ b/django/core/signing.py
@@ -96,8 +96,10 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
 save some space. Prepends a '.' to signify compression. This is included in the signature, to protect against zip bombs.
- Salt can be used to further salt the hash, in case you're worried that the NSA might try to brute-force your SHA-1 protected secret.
+ Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application without good cause is a security risk.
 """
 json = simplejson.dumps(obj, separators=(',', ':'))