[[!comment format=mdwn
 username="joey"
 subject="""comment 2"""
 date="2017-03-02T17:24:23Z"
 content="""
@dvicory if someone only knows the onion service address, they can do
nothing to your repository except connect to it and get rejected
due to failure to authenticate. They need the authentication data too
in order to do any of those things. That was talking about the
addresses generated by `git annex peer --gen-addresses`, 
which include authentication data.

I've improved the wording to avoid confusion between git-annex's addresses
and onion addresses.
"""]]