From 2557af278f682a265123e7e68fd70bf6ca3353e7 Mon Sep 17 00:00:00 2001 From: "achilleas.k@14be77d42a1252fab5ec9dbf4e5ea03c5833e8c8" Date: Wed, 26 Apr 2017 16:36:22 +0000 Subject: [PATCH] --- doc/forum/Malicious_autoenabled_remotes.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/forum/Malicious_autoenabled_remotes.mdwn b/doc/forum/Malicious_autoenabled_remotes.mdwn index 274d5c2157..8e8ff18835 100644 --- a/doc/forum/Malicious_autoenabled_remotes.mdwn +++ b/doc/forum/Malicious_autoenabled_remotes.mdwn @@ -2,4 +2,4 @@ I've been trying to figure out whether git-annex can be used to make a user unkn *Is it possible, when performing (for example) `git clone git@trustedserver:user/repo && cd repo && git annex init` for annex to set up and enable a remote that is **not** on `trustedserver`?* -I'm trying to imagine a scenario where someone with access to the repository (a person who I share files with) can set up a remote to a different server (e.g., `badremote`), set it to `autoenable=true`, and sync changes. Would this enable the other user to put files on `badremote` that are not on `trustedserver` but are tracked by annex? More importantly, if this happens and I perform a `git clone` -> `git annex init` -> `git annex sync --content`, would I be downloading files from `badremote` without specifically enabling it? +I'm trying to imagine a scenario where someone with access to the repository (a person who I share files with) can set up a remote to a different server (e.g., `badremote`), set it to `autoenable=true`, and sync changes. Would this enable the other user to put files on `badremote` that are not on `trustedserver` but are tracked by annex? More importantly, if this happens and I perform a `git clone` → `git annex init` → `git annex sync --content`, would I be downloading files from `badremote` without specifically enabling it?