From d775855a236aaeae9ef5e344ba1b821fed1c832b Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 30 Apr 2020 11:18:58 -0700 Subject: [PATCH] Clarify Ledger security implications (#9820) (#9823) automerge --- docs/src/hardware-wallets/ledger.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/src/hardware-wallets/ledger.md b/docs/src/hardware-wallets/ledger.md index 7f1a9f5414..5e0883d31e 100644 --- a/docs/src/hardware-wallets/ledger.md +++ b/docs/src/hardware-wallets/ledger.md @@ -45,14 +45,22 @@ anywhere you see an option or argument that accepts a ``. ### Install the Solana Beta App -For those of you that enjoy life on the edge, you can use the command-line to -install the latest Solana Ledger app release before it has been validated by +You're invited to help us test the latest pre-release version of our Ledger app +on one of the public testnets. + +You can use the command-line to install the latest Solana Ledger app release before it has been validated by the Ledger team and made available via Ledger Live. Note that because the app is not installed via Ledger Live, you will need to approve installation from an "unsafe" manager, as well as see the message, "This app is not genuine" each time you open the app. Once the app is available on Ledger Live, you can reinstall the app from there, and the message will no longer be displayed. +**WARNING:** Installing an unsigned Ledger app reduces the security of your Ledger device. +If your client is compromised, an attacker will be able to trick you into signing arbitrary +transactions with arbitrary derivation paths. Only use this installation method if you understand +the security implications. We strongly recommend that you use a separate +Ledger device, with no other wallets/apps sharing the same seed phrase. + 1. Connect your Ledger device via USB and enter your pin to unlock it 2. Download and run the Solana Ledger app installer: ```text