From 73a8ba53076ed7d4d17d5a382a3459c76186e99d Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Tue, 11 Mar 2025 11:53:14 -0400
Subject: [PATCH] update

---
 doc/todo/compute_special_remote_remaining_todos.mdwn | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/doc/todo/compute_special_remote_remaining_todos.mdwn b/doc/todo/compute_special_remote_remaining_todos.mdwn
index c13a4e6425..fab644f0e4 100644
--- a/doc/todo/compute_special_remote_remaining_todos.mdwn
+++ b/doc/todo/compute_special_remote_remaining_todos.mdwn
@@ -1,6 +1,10 @@
 This is the remainder of my todo list while I was building the
 compute special remote. --[[Joey]]
 
+* prohibit using compute states where an input or output filename contains
+  a newline. The protocol doesn't allow this to happen usually, but an 
+  attacker might try it in order to scramble the protocol.
+
 * git-annex responds to each INPUT immediately, and flushes stdout.
   This could cause problems if the program is sending several INPUT
   first, before reading responses, as is documented it should do to allow
@@ -12,12 +16,6 @@ compute special remote. --[[Joey]]
   but how much parallelism makes sense? Would it be possible to use the
   usual worker pool?
 
-* Write some simple compute programs so we have something to start with.
-
-  - convert between images eg jpeg to png
-  - run a command in a singularity container (that is one of the inputs)
-  - run a wasm binary (that is one of the inputs)
-
 * compute on input files in submodules
 
 * annex.diskreserve can be violated if getting a file computes it but also