diff --git a/CHANGELOG b/CHANGELOG index ff2fa9adbb..4c16316a27 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -10,6 +10,9 @@ git-annex (8.20201130) UNRELEASED; urgency=medium behavior, mincopies also needs to be set to 0. * Behavior change: git-annex trust now needs --force, since unconsidered use of trusted repositories can lead to data loss. + * Behavior change: --trust option no longer overrides trust, since + that can lead to data loss, which should never be enabled by an option + other than --force. * add: Significantly speed up adding lots of non-large files to git, by disabling the annex smudge filter when running git add. * add --force-small: Run git add rather than updating the index itself, diff --git a/CmdLine/GitAnnex/Options.hs b/CmdLine/GitAnnex/Options.hs index 568fc7de4c..d015cdeb76 100644 --- a/CmdLine/GitAnnex/Options.hs +++ b/CmdLine/GitAnnex/Options.hs @@ -55,7 +55,7 @@ gitAnnexGlobalOptions = commonGlobalOptions ++ ) , globalSetter (Remote.forceTrust Trusted) $ strOption ( long "trust" <> metavar paramRemote - <> help "override trust setting" + <> help "deprecated, does not override trust setting" <> hidden <> completeRemotes ) diff --git a/Remote.hs b/Remote.hs index 1d6250f9e2..588457f728 100644 --- a/Remote.hs +++ b/Remote.hs @@ -384,8 +384,10 @@ listRemoteNames remotes = intercalate ", " (map name remotes) forceTrust :: TrustLevel -> String -> Annex () forceTrust level remotename = do u <- nameToUUID remotename - Annex.changeState $ \s -> - s { Annex.forcetrust = M.insert u level (Annex.forcetrust s) } + if level >= Trusted + then toplevelWarning False "Ignoring request to trust repository, because that can lead to data loss." + else Annex.changeState $ \s -> + s { Annex.forcetrust = M.insert u level (Annex.forcetrust s) } {- Used to log a change in a remote's having a key. The change is logged - in the local repo, not on the remote. The process of transferring the diff --git a/doc/git-annex.mdwn b/doc/git-annex.mdwn index 7571fdfd33..7d4c9b34f1 100644 --- a/doc/git-annex.mdwn +++ b/doc/git-annex.mdwn @@ -797,7 +797,6 @@ may not be explicitly listed on their individual man pages. Also, note that if the time limit prevents git-annex from doing all it was asked to, it will exit with a special code, 101. -* `--trust=repository` * `--semitrust=repository` * `--untrust=repository` @@ -806,6 +805,12 @@ may not be explicitly listed on their individual man pages. The repository should be specified using the name of a configured remote, or the UUID or description of a repository. +* `--trust=repository` + + This used to override trust settings for a repository, but now will + not do so, because trusting a repository can lead to data loss, + and data loss is now only enabled when using the `--force` option. + * `--trust-glacier` Amazon Glacier inventories take hours to retrieve, and may not represent diff --git a/doc/trust.mdwn b/doc/trust.mdwn index 75781b7acb..b348a6dc06 100644 --- a/doc/trust.mdwn +++ b/doc/trust.mdwn @@ -44,10 +44,6 @@ information for a repository. For example, it may be an offline archival drive, from which you rarely or never remove content. Deciding when it makes sense to trust the tracking info is up to you. -One way to handle this is just to use `--force` when a command cannot -access a remote you trust. Or to use `--trust` to specify a repository to -trust temporarily. - To configure a repository as fully and permanently trusted, use the [[git-annex-trust]] command.