From 1172978b8fa1baf7c641818ba0b562542eb71c81 Mon Sep 17 00:00:00 2001
From: Achilleas Pipinellis
Date: Wed, 30 Mar 2016 15:32:42 +0300
Subject: Change shared Runners warning message and link to docs
---
 app/views/projects/runners/_shared_runners.html.haml | 5 ++++-
 doc/ci/runners/README.md | 13 ++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/app/views/projects/runners/_shared_runners.html.haml b/app/views/projects/runners/_shared_runners.html.haml
index 6a37f444bb7..1f656971f46 100644
--- a/app/views/projects/runners/_shared_runners.html.haml
+++ b/app/views/projects/runners/_shared_runners.html.haml
@@ -1,7 +1,10 @@
 %h3 Shared runners
 .bs-callout.bs-callout-warning
- GitLab Runners do not offer secure isolation between projects that they do builds for. You are TRUSTING all GitLab users who can push code to project A, B or C to run shell scripts on the machine hosting runner X.
+ Depending on the executor that GitLab Runners use, they may not offer secure
+ isolation between projects that they do builds for. Read more about
+ %a{href: "/help/ci/runners/README.md#attack-vectors-in-runners"}
+ GitLab Runner security.
 %hr
 - if @project.shared_runners_enabled?
 = link_to toggle_shared_runners_namespace_project_runners_path(@project.namespace, @project), class: 'btn btn-warning', method: :post do
diff --git a/doc/ci/runners/README.md b/doc/ci/runners/README.md
index 295d953db11..c76027f6949 100644
--- a/doc/ci/runners/README.md
+++ b/doc/ci/runners/README.md
@@ -62,7 +62,7 @@ Now simply register the runner as any runner:
 sudo gitlab-runner register
 ```
-Shared runners are enabled by default as of GitLab 8.2, but can be disabled with the
+Shared runners are enabled by default as of GitLab 8.2, but can be disabled with the
 `DISABLE SHARED RUNNERS` button. Previous versions of GitLab defaulted shared runners to disabled.
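Review bot: The rewritten callout in `_shared_runners.html.haml` no longer states what enabling shared runners actually exposes; the sentence saying that users who can push to other projects can run shell scripts on the same runner host now lives only behind the documentation link. Because this callout sits directly above the enable/disable button, I would keep one concrete sentence at the point of decision, for example `With executors that do not isolate builds, anyone who can push code to a project served by the same runner can run scripts on its host.` The link target is also a literal `/help/ci/runners/README.md#attack-vectors-in-runners` string, which will presumably break on instances served under a relative URL root and will silently rot if the heading is renamed; building it through the help-page route helper would at least fix the first problem. The `- if @project.shared_runners_enabled?` block continues outside the hunk.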
@@ -142,5 +142,12 @@ project.
 # Attack vectors in runners
-Mentioned briefly earlier, but the following things of runners can be exploited.
-We're always looking for contributions that can mitigate these [Security Considerations](https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/security/index.md).
+Depending on the executor that GitLab Runners use, they may not offer secure
+isolation between projects that they do builds for. In that case, you are
+**trusting** all GitLab users who can push code to project A, B or C to run
+shell scripts on the machine hosting runner X.
+
+We're always looking for contributions that can mitigate these Security
+considerations. Read more on [Runners security][security].
+
+[security]: https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/security/index.md
--
cgit v1.2.3