Add details on the options customers have

davidjarzebowski · web-flow · commit 82b3b1a76a1b · 2023-04-26T13:59:57.000-04:00
diff --git a/docs/requirements.md b/docs/requirements.md
@@ -8,13 +8,20 @@ storage and must have network connectivity with the GitHub Enterprise Server app
 Backup host software requirements are modest: Linux or other modern Unix operating
 system (Ubuntu is highly recommended) with [bash][1], [git][2], [OpenSSH][3] 5.6 or newer, [rsync][4] v2.6.4 or newer, and [jq][11] v1.5 or newer.
 
-************ Update April 2023 ************
+---
+### Update April 2023
 
-The [recent fix to rsync](https://github.com/WayneD/rsync/blob/master/NEWS.md#news-for-rsync-325-14-aug-2022) for [CVE-2022-29154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154) is causing severe performance impacts on backup-utils.
+The [recent fix to rsync](https://github.com/WayneD/rsync/blob/master/NEWS.md#news-for-rsync-325-14-aug-2022) for [CVE-2022-29154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154) causes severe performance impacts on backup-utils.
 
-These impacts can be mitigated by using the `--trust-sender` flag with rsync. Unfortunately some Linux distributions have backported the fix for this CVE to their rsync package without also backporting the `--trust-sender` flag. If your backup host is running an operating system that has done this, your options are to either downgrade the rsync package to a version before the CVE fix was backported, or upgrade the rsync package to v3.2.5 or newer.
+These impacts can be mitigated by using the `--trust-sender` flag with rsync. Unfortunately some Linux distributions have backported the fix for this CVE to their rsync package without also backporting the `--trust-sender` flag. If your backup host is running on an operating system in this situation (i.e. the CVE fix has been backported but the `--trust-sender` flag has not) you have three options:
 
-*******************************************
+1. Downgrade (using the package manager on your host) the rsync package to a version before the CVE fix was backported
+2. Upgrade (using the package manager on your host) the rsync package to v3.2.5 or newer
+3. Manually download and build the rsync binary
+
+Option #3 is required if your operating system's package manager does not have access to rsync v3.2.5 or later (e.g. Ubuntu Focal).
+
+---
 
 The parallel backup and restore feature will require [GNU awk][10] and [moreutils][9] to be installed.
 
