diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf
index d4de96e5a2dc..58789b72012c 100644
--- a/etc/newsyslog.conf
+++ b/etc/newsyslog.conf
@@ -1,6 +1,12 @@
 # configuration file for newsyslog
 # $FreeBSD$
 #
+# Note: some sites will want to select more restrictive protections than the
+# defaults.  In particular, it may be desirable to switch many of the 644
+# entries to 640 or 600.  For example, some sites will consider the
+# contents of maillog, messages, and lpd-errs to be confidential.  In the
+# future, these defaults may change to more conservative ones.
+#
 # logfilename          [owner:group]    mode count size when [ZJB] [/pid_file] [sig_num]
 /var/log/cron				600  3	   100  *     Z
 /var/log/amd.log			644  7	   100  *     Z