author Joey Hess <joeyh@joeyh.name> 2016-04-28 16:07:10 -0400
committer Joey Hess <joeyh@joeyh.name> 2016-04-28 16:07:10 -0400
commit ee5a28cc2e2a5821aac4ad07662d0b424235d072
tree 83078fbf277a7829149f9c99d8a1db8c6559c88f /doc
parent c4185df50827608161d6c93fc7ed2dbd3bc91257
correction of scope of security problem
AFAICS, it's not only affecting resumes, but any upload to a special remote with chunking enabled.
Diffstat (limited to 'doc')
-rw-r--r-- doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment | 7
1 files changed, 2 insertions, 5 deletions
diff --git a/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment b/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment
index e50f00afb..7fb3b08e5 100644
--- a/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment
+++ b/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment
@@ -10,9 +10,6 @@ non-chunked form, since a remote can be reconfigured to add chunking.
So it's nothing to worry about.
The lack of encryption of the key when checking to resume is definitely a
-bug. A bit of a security bug too, although it only happens when resuming
-uploads. (I double checked the other operations and they all encrypt keys)
-I suppose that if the server was hostile, it could randomly make
-uploads fail, in order to get git-annex to expose content keys via
-this bug when resuming.
+bug. A bit of a security bug too.
+(I double checked the other operations and they all encrypt keys)
"""]]
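Review bot: The replacement line "+bug. A bit of a security bug too." drops the old "it only happens when resuming uploads" limit but never states the corrected scope, which appears only in the commit message (any upload to a special remote with chunking enabled). The unchanged context line just above, "The lack of encryption of the key when checking to resume", still reads as if the exposure is tied to resumes, so someone reading the comment without the commit log gets no indication that the scope is wider. Suggest stating the scope in the comment text itself, for example by adding that it affects any upload to a special remote with chunking enabled. The parenthetical "(I double checked the other operations and they all encrypt keys)" originally followed the resume-only claim; with that claim gone it is unclear which operations "other" excludes, so name them or reword. The removed hostile-server sentences were the only description of how content keys could end up exposed; if that still applies under the wider scope, a shortened version is worth keeping.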