From 30feec090adf04f85800011ba665d003795b8140 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 2 Feb 2024 10:24:26 -0500
Subject: [PATCH] docs: add suitability warning to top-level README

We already had a version of this warning in the webpki-roots crate's
top-level rustdoc. This ports the warning to the top-level git README so
that it is visible to folks evaluating the crate in GitHub as well.
---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/README.md b/README.md
index 5cce3a1..0c7afa7 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,16 @@ Inspired by [certifi.io](https://certifi.io/en/latest/).
 [![webpki-roots](https://github.com/rustls/webpki-roots/actions/workflows/build.yml/badge.svg?branch=main)](https://github.com/rustls/webpki-roots/actions/workflows/build.yml)
 [![Crate](https://img.shields.io/crates/v/webpki-roots.svg)](https://crates.io/crates/webpki-roots)
 
+# Warning
+
+This library is suitable for use in applications that can always be recompiled and instantly deployed.
+For applications that are deployed to end-users and cannot be recompiled, or which need certification
+before deployment, consider a library that uses the platform native certificate verifier such as
+[rustls-platform-verifier]. This has the additional benefit of supporting OS provided CA constraints
+and revocation data.
+
+[rustls-platform-verifier]: https://docs.rs/rustls-platform-verifier
+
 # License
 The underlying data is MPL-licensed, and `webpki-roots/src/lib.rs`
 is therefore a derived work.