From ea51ac3f596bd9bbb92ff03121848a6b8d9f0d25 Mon Sep 17 00:00:00 2001
From: Ilya_Shlyakhter <Ilya_Shlyakhter@web>
Date: Wed, 19 Sep 2018 15:49:57 +0000
Subject: [PATCH] better exceptions to
 annex.security.allow-unverified-downloads

---
 ...eptions_to_annex.security.allow-unverified-downloads.mdwn | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 doc/todo/better_exceptions_to_annex.security.allow-unverified-downloads.mdwn

diff --git a/doc/todo/better_exceptions_to_annex.security.allow-unverified-downloads.mdwn b/doc/todo/better_exceptions_to_annex.security.allow-unverified-downloads.mdwn
new file mode 100644
index 0000000000..9a1e06639e
--- /dev/null
+++ b/doc/todo/better_exceptions_to_annex.security.allow-unverified-downloads.mdwn
@@ -0,0 +1,5 @@
+"Downloading unverified content from (non-encrypted) external special remotes is prevented, because they could follow http redirects to web servers on localhost or on a private network, or in some cases to a file:/// url" -- it's be good if an exception to this could be configured for a given type of external special remote, and/or for specific special remotes.
+Sometimes I _know_ that a given external special remote doesn't do redirects, or that a given special remote repository won't have bad URLs.  Remembering to do
+git -c annex.security.allow-unverified-downloads=ACKTHPPT annex get myfile
+every time is another thing to think about, when the whole point of git-annex is to not have to think about where things are :)  While configuring 
+annex.security.allow-unverified-downloads=ACKTHPPT permanently opens security holes.