mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Added a comment

Browse source
This commit is contained in:
http://joeyh.name/ 2013-12-15 19:38:50 +00:00 committed by admin
parent ee9b2728e8
commit a6ee9f4354
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
doc/bugs/git_annex_get___60__file__62___should_verify_file_hash/comment_1_650e01a04104120ef1db4ff16fedc4f1._comment Normal file
View file

@ -0,0 +1,16 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="209.250.56.87"
subject="comment 1"
date="2013-12-15T19:38:48Z"
content="""
If you don't trust a remote repository, then you should either
a) Not use that repository at all, because its malicious owner could put any evil file he wants in it with an entirely correct hash.
b) Make it a gcrypt remote so all content stored on it is encrypted. Decrypting it will include validating that you get out what you originally put in.
So these scenarios are not good arguments for validating every file after it's downloaded.
If it were possible to do a rolling checksum as part of the download, rather than needing to pull the entire file back off disk and checksum it, I'd do so. But it's generally not; for example when git-annex is downloading a file using rsync it may resume part way through a previous interrupted download, and rsync is storing the file to disk, not streaming it to git-annex.
"""]]