move wishlist item out out of bug list

1 files changed, 16 insertions, 0 deletions

diff --git a/doc/todo/git_annex_get___60__file__62___should_verify_file_hash/comment_1_650e01a04104120ef1db4ff16fedc4f1._comment b/doc/todo/git_annex_get___60__file__62___should_verify_file_hash/comment_1_650e01a04104120ef1db4ff16fedc4f1._comment
new file mode 100644
index 000000000..621e01d6f
--- /dev/null
+++ b/doc/todo/git_annex_get___60__file__62___should_verify_file_hash/comment_1_650e01a04104120ef1db4ff16fedc4f1._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.87"
+ subject="comment 1"
+ date="2013-12-15T19:38:48Z"
+ content="""
+If you don't trust a remote repository, then you should either
+
+a) Not use that repository at all, because its malicious owner could put any evil file he wants in it with an entirely correct hash.
+
+b) Make it a gcrypt remote so all content stored on it is encrypted. Decrypting it will include validating that you get out what you originally put in.
+
+So these scenarios are not good arguments for validating every file after it's downloaded.
+
+If it were possible to do a rolling checksum as part of the download, rather than needing to pull the entire file back off disk and checksum it, I'd do so. But it's generally not; for example when git-annex is downloading a file using rsync it may resume part way through a previous interrupted download, and rsync is storing the file to disk, not streaming it to git-annex.
+"""]]