Diffstat (limited to 'docs')
-rw-r--r-- | docs/contributing.rst | 6 | ||||
-rw-r--r-- | docs/index.rst | 11 |
2 files changed, 16 insertions, 1 deletions
diff --git a/docs/contributing.rst b/docs/contributing.rst index 3de41fd5..184ba214 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -60,6 +60,12 @@ always indistinguishable. As a result ``cryptography`` has, as a design philosophy: "make it hard to do insecure things". Here are a few strategies for API design which should be both followed, and should inspire other API choices: +If it is necessary to compare a user provided value with a computed value (for +example, verifying a signature), there should be an API provided which performs +the verification in a secure way (for example, using a constant time +comparison), rather than requiring the user to perform the comparison +themselves. + If it is incorrect to ignore the result of a method, it should raise an exception, and not return a boolean ``True``/``False`` flag. For example, a method to verify a signature should raise ``InvalidSignature``, and not return diff --git a/docs/index.rst b/docs/index.rst index a1cebc30..b800bcaf 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -17,7 +17,16 @@ You can install ``cryptography`` with ``pip``: .. note:: If you're on Windows you'll need to make sure you have OpenSSL installed. - There are `pre-compiled binaries`_ available. + There are `pre-compiled binaries`_ available. If your installation is in + an unusual location set the ``LIB`` and ``INCLUDE`` environment variables + to include the corresponding locations. For example: + + .. code-block:: console + + C:\> \path\to\vcvarsall.bat x86_amd64 + C:\> set LIB=C:\OpenSSL-1.0.1f-64bit\lib;%LIB% + C:\> set INCLUDE=C:\OpenSSL-1.0.1f-64bit\include;%INCLUDE% + C:\> pip install cryptography Why a new crypto library for Python? |
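Review bot: In the docs/contributing.rst hunk, the new paragraph says the verification API should work "in a secure way (for example, using a constant time comparison)" but gives contributors nothing concrete to reach for. Name or link the comparison helper that new APIs are expected to use, so the guideline can be checked in review. The paragraph should also tie into the one that follows it by saying that such a verification API reports a mismatch by raising, as the ``InvalidSignature`` text already requires, so the two rules read as one. Style: hyphenate the compound modifiers, "user-provided value" and "constant-time comparison".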
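Review bot: In the docs/index.rst hunk, the console example hard-codes ``C:\OpenSSL-1.0.1f-64bit`` in both the ``set LIB=`` and ``set INCLUDE=`` lines. A pinned release in install docs goes stale and gets copied verbatim, so a neutral placeholder such as ``C:\path\to\OpenSSL`` would age better, matching the ``\path\to\vcvarsall.bat`` placeholder already used on the first line. The example also passes ``x86_amd64`` to ``vcvarsall.bat`` next to a ``64bit`` directory without explaining the link between the two; add a sentence saying the argument has to match the architecture of the OpenSSL build being linked. Finally, "an unusual location" is undefined: state which location is found without setting ``LIB`` and ``INCLUDE``, so readers can tell whether the note applies to them.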