From 7036c29db2b0ea40dccb0c505d6ef4b6085bf192 Mon Sep 17 00:00:00 2001
From: kegsay <kegan@matrix.org>
Date: Thu, 9 Nov 2023 17:00:13 +0000
Subject: [PATCH] Update 3575-sync.md

---
 proposals/3575-sync.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/proposals/3575-sync.md b/proposals/3575-sync.md
index e3459f62..7fb64485 100644
--- a/proposals/3575-sync.md
+++ b/proposals/3575-sync.md
@@ -1462,7 +1462,8 @@ This would have numerous benefits:
  - some would argue this is less complex than designing a custom API.
 
 This would have the following drawbacks:
- - easy to design slow performing queries. Denial of Service risk, mitigated via strong rate limits (see [Github v4 API](https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api),
+ - easy to design slow performing queries which work well for small accounts but degrade on large accounts,
+ - Denial of Service risk, mitigated via strong rate limits (see [Github v4 API](https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api)),
  - higher bandwidth costs than a custom API (both for requests and responses),
  - easier to accidentally expose confidential information by not applying sufficient authentication checks,
  - some would argue this is more complex than designing a custom API,