Add trust and untrust subcommands, to allow configuring remotes that are trusted to retain files without explicit checking.

doc/copies.mdwn

@@ -11,7 +11,8 @@ setting in `.gitattributes` files.
 
 `git annex drop` attempts to check with other git remotes, to check that N
 copies of the file exist. If enough repositories cannot be verified to have
-it, it will retain the file content to avoid data loss.
+it, it will retain the file content to avoid data loss. Note that
+[[trusted_remotes|trust]] are not explicitly checked.
 
 For example, consider three repositories: Server, Laptop, and USB. Both Server
 and USB have a copy of a file, and N=1. If on Laptop, you `git annex get

doc/git-annex.mdwn

@@ -171,6 +171,15 @@ Many git-annex subcommands will stage changes for later `git commit` by you.
   This is meant to be called from git's pre-commit hook. `git annex init`
   automatically creates a pre-commit hook using this.
 
+* trust [repository ...]
+
+  Records that a repository is [[trusted]] to not unexpectedly lose content.
+  Use with care.
+
+* untrust [repository ...]
+
+  Undoes a trust command.
+
 * fromkey file
 
   This can be used to maually set up a file to link to a specified key
@@ -333,7 +342,9 @@ These files are used by git-annex, in your git repository:
 available. Annexed files in your git repository symlink to that content.
 
 `.git-annex/uuid.log` is used to map between repository UUID and
-decscriptions. You may edit it.
+decscriptions.
+
+`.git-annex/trust.log` is used to list the UUIDs of trusted repositories.
 
 `.git-annex/*.log` is where git-annex records its content tracking
 information. These files should be committed to git.

doc/location_tracking.mdwn

@@ -26,3 +26,6 @@ descriptions to help you with finding them:
 	  Try making some of these repositories available:
 	  	c0a28e06-d7ef-11df-885c-775af44f8882  -- USB archive drive 1
 	  	e1938fee-d95b-11df-96cc-002170d25c55
+
+In certian cases you may want to configure git-annex to [[trust]]
+that location tracking information is always correct for a repository.

doc/trust.mdwn

@@ -0,0 +1,20 @@
+Normally, git-annex does not fully trust its stored [[location_tracking]]
+information. When removing content, it will directly check
+that other repositories have [[copies]].
+
+Generally that explicit checking is a good idea. Consider that the current
+[[location_tracking]] information for a remote may not yet have propigated
+out. Or, a remote may have suffered a catastrophic loss of data, or itself
+been lost.
+
+Sometimes though, you may have reasons to trust the location tracking
+information for a remote repository. For example, it may be an offline
+archival drive, from which you rarely or never remove content. Deciding
+when it makes sense to trust the tracking info is up to you.
+
+One way to handle this is just to use `--force` when a command cannot
+access a remote you trust.
+
+Another option is to configure which remotes you trust with the 
+`git annex trust` command, or by manually adding the UUIDs of trusted remotes
+to `.git-annex/trust.log`.

doc/walkthrough.mdwn

@@ -134,7 +134,7 @@ you'll see something like this.
 	  (Use --force to override this check, or adjust annex.numcopies.)
 	failed
 
-Here you might --force it to drop `important_file` if you trust your backup.
+Here you might --force it to drop `important_file` if you [[trust]] your backup.
 But `other.iso` looks to have never been copied to anywhere else, so if
 it's something you want to hold onto, you'd need to transfer it to
 some other repository before dropping it.