diff --git a/Remote/Git.hs b/Remote/Git.hs
index f59ef528b6..2fd85392b7 100644
--- a/Remote/Git.hs
+++ b/Remote/Git.hs
@@ -229,7 +229,8 @@ gen r u rc gc rs
 			, gitconfig = gc
 			, readonly = Git.repoIsHttp r && not (isP2PHttp' gc)
 			, appendonly = False
-			, untrustworthy = False
+			, untrustworthy = isJust (remoteAnnexProxiedBy gc) 
+				&& exportTree c
 			, availability = repoAvail r
 			, remotetype = remote
 			, mkUnavailable = unavailable r u rc gc rs
diff --git a/doc/todo/git-annex_proxies.mdwn b/doc/todo/git-annex_proxies.mdwn
index 082bbe0eac..87ed8b4907 100644
--- a/doc/todo/git-annex_proxies.mdwn
+++ b/doc/todo/git-annex_proxies.mdwn
@@ -33,23 +33,8 @@ Planned schedule of work:
 * Working on `exportreeplus` branch which is groundwork for proxying to
   exporttree=yes special remotes. Need to merge it to master.
 
-* A proxied exporttree=yes special remote is not untrusted, and should be.
-
-  This needs Remote.untrustworthy to be set when constucting a proxied 
-  Remote that uses exporttree=yes. So will need to load the remote config
-  to see if it does.
-  
-  But, the proxy.log uses the UUID of a remote. There could be multiple
-  special remotes that share a UUID. Which config to load? Maybe load the
-  configs of them all and check if any has exporttree=yes.
-  Probably all ought to if any do.
-
-  Alternatively, make annexobjects=yes remotes not untrusted.
-  This was considered in [[todo/exporttree_remotes_could_store_any_key]],
-  but didn't seem very feasible.
-
-* Also, versioned exports are not untrustworthy. But checking that would
-  need to construct a Remote using the special remote's config. 
+* Versioned exports are not untrustworthy. But checking that for a proxied
+  remote would need to construct a Remote using the special remote's config. 
   
   For eg S3 (the only versioned one currently), that would need the S3
   creds to be set in the environment.