+The .users file is designed to live in a SCM repository, such as git,
+alongside all the other encrypted files. In order to prevent
+unauthorized tampering with the .users file - for tricking somebody to
+re-encrypt data to the wrong key - the .users file needs to be
+PGP-clearsigned with a key from a whitelist.
+
+This whitelist lives in ~/.pws-trusted-users, and simply takes one
+key fingerprint per line:
+
+---------------------------------
+# cat ~/.pws-trusted-users
+
+#formorer
+6E3966C1E1D15DB973D05B491E45F8CA9DE23B16
+---------------------------------
+
+Currently this whitelist is the same for any pws repositories a user
+might have. A patch to remove this limitation would be nice.
+
+