diff --git a/tsa/howto/svn.mdwn b/tsa/howto/svn.mdwn
index 40764d64bd37dd611729d92c628e3f6d41249cb2..0f064078aece5df91c27bc0e22f815223c8a40e5 100644
--- a/tsa/howto/svn.mdwn
+++ b/tsa/howto/svn.mdwn
@@ -6,13 +6,15 @@ Multiple people have access to the SVN server, in order:
 
 ## Layer 0: "the feds"
 
-While the virtual machine is hosted on a server with full disk
+While the virtual machine is (now) hosted on a server with full disk
 encryption, it's technically possible that a hostile party with physical
-access to the machine (or a 0day) would gain access to the machine using
-illegitimate means.
+access to the machine (or a 0-day) would gain access to the machine
+using illegitimate means.
 
 This attack vector exists for all of our infrastructure, to various
-extents.
+extents and is mitigated by trust in our upstream providers, our
+monitoring infrastructure, timely security updates, and full disk
+encryption.
    
 ## Layer 1: TPA sysadmins
 
@@ -28,7 +30,7 @@ months ago, in ticket #15949 by anarcat.
 ## Layer 3: SVN admins
 
 SVN service admins have access to the `svn-access-policy` repository
-which defines the two other access layers below. That repository is
+which defines the other two access layers below. That repository is
 protected, like other repositories, by HTTPS authentication and SVN
 access controls.
 
@@ -54,9 +56,12 @@ The SVN repositories currently accessible include:
 ## Layer 5: SVN access control
 
 The last layer of defense is the SVN "group" level access control,
-defined in the `svn-access-policy.corp` configuration file. Other
-repositories define other access controls, in particular the
-`svn-access-policy` repository has its own configuration file, as
+defined in the `svn-access-policy.corp` configuration file. In
+practice, however, I believe that only Layer 4 HTTPS access controls
+work for the corp repository.
+
+Note that other repositories define other access controls, in particular
+the `svn-access-policy` repository has its own configuration file, as
 explained in layer 3.
 
 ## Notes
@@ -64,3 +69,6 @@ explained in layer 3.
 The the above list, SVN configuration files are located in
 `/srv/svn.torproject.org/svn-access/wc/`, the "working copy" of the
 `svn-access` repository.
+
+This document is a redacted version of a fuller audit provided
+internally in march 2020.