From 09c14ab42dd2d43df2c7d27ec46509f73184dbd5 Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Sat, 26 Aug 2017 16:51:17 -0400 Subject: [PATCH] Note Python versioning issues with pickle in flawfinder.1 man page. Signed-off-by: David A. Wheeler --- flawfinder.1 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/flawfinder.1 b/flawfinder.1 index 371f974..2fd52b7 100644 --- a/flawfinder.1 +++ b/flawfinder.1 @@ -564,6 +564,12 @@ Save all resulting hits (the "hitlist") to F. Load the hitlist from F instead of analyzing source programs. Warning: Do \fInot\fR load hitlists from untrusted sources (for security reasons). +These are internally implemented using Python's "pickle" facility, +which trusts the input. +Note that stored hitlists often cannot be read when using an older version +of Python, in particular, if savehitlist was used but +flawfinder was run using Python 3, +the hitlist can't be loaded by running flawfinder with Python 2. .TP \fB\-\-diffhitlist=\fR\fIF\fR
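Review bot: In the added sentence "if savehitlist was used but flawfinder was run using Python 3", the option name appears as bare text, while this page marks options up as in `\fB\-\-diffhitlist=\fR\fIF\fR`; writing it as `\fB\-\-savehitlist\fR` would render it in bold with its leading dashes like the others. The same sentence is a comma splice ("...an older version of Python, in particular, if..."); ending the sentence after "Python" and starting a new one at "In particular" would read more clearly. On the added line "which trusts the input", consider stating the consequence next to the existing warning: unpickling a crafted file can execute arbitrary code, which is the reason a hitlist must only be loaded from a trusted source.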