Merge branch 'master' of ssh://git-annex.branchable.com

doc/bugs/OSX_build_broken/comment_1_0b570aa6c58effeace2a989184c9c601._comment

@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.87"
+ subject="comment 1"
+ date="2013-12-15T19:31:39Z"
+ content="""
+This should only affect Lion. Jimmy will need to install missing dependencies.
+
+In the meantime, I have reverted the lion build to the previous release, which I assume didn't have this problem. (Currently downloading that release my my archive, which git-annex says will take around 5 more minutes.)
+"""]]

doc/bugs/feature_request:_addhash/comment_1_064e963adb6834813380fd836bb58566._comment

@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.87"
+ subject="comment 1"
+ date="2013-12-15T19:45:25Z"
+ content="""
+This exists, it's `git annex migrate`
+"""]]

doc/bugs/git_annex_get___60__file__62___should_verify_file_hash/comment_1_650e01a04104120ef1db4ff16fedc4f1._comment

@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.87"
+ subject="comment 1"
+ date="2013-12-15T19:38:48Z"
+ content="""
+If you don't trust a remote repository, then you should either
+
+a) Not use that repository at all, because its malicious owner could put any evil file he wants in it with an entirely correct hash.
+
+b) Make it a gcrypt remote so all content stored on it is encrypted. Decrypting it will include validating that you get out what you originally put in.
+
+So these scenarios are not good arguments for validating every file after it's downloaded.
+
+If it were possible to do a rolling checksum as part of the download, rather than needing to pull the entire file back off disk and checksum it, I'd do so. But it's generally not; for example when git-annex is downloading a file using rsync it may resume part way through a previous interrupted download, and rsync is storing the file to disk, not streaming it to git-annex.
+"""]]