From c5791f7918667d93f5ac1e96183e8ed539881691 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 2 Jan 2014 13:23:58 -0400 Subject: close --- doc/todo/untracked_remotes.mdwn | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'doc') diff --git a/doc/todo/untracked_remotes.mdwn b/doc/todo/untracked_remotes.mdwn index 883b5acff..f538c7560 100644 --- a/doc/todo/untracked_remotes.mdwn +++ b/doc/todo/untracked_remotes.mdwn @@ -7,3 +7,21 @@ developers don't care to know about one-another's systems. It seems that such an untracked repository would need to automatically consider itself untrusted. Is that enough to avoid losing data? + +> [[done]]; set remote..annex-readonly=true to prevent +> git-annex from pushing changes to the remote, or modifying the contents +> of the remote in any way. +> +> Note that I am intentionally not making this feature be about security. +> The remote can still tell if you're connecting to it, and indeed if it +> really wants to, and git-annex-shell is being used on the remote, it can +> determine your local repository's uuid. +> +> This allows for some complicated setups. For example, a public repository +> P can be a readonly remote of a clone on your laptop L, and L in turn has +> another, non-readonly remote D on a removable drive. This allows L and D +> to keep track of which files one-another have, without leaking this info +> to P. But note that if L adds P as a remote, it also has to mark it +> readonly, to avoid leaking data. +> +> --[[Joey]] -- cgit v1.2.3