doc/bugs/git_annex_get___60__file__62___should_verify_file_hash.mdwn

@@ -0,0 +1,32 @@
+### Please describe the problem.
+git annex get fileName-  should perform a hash check on the file content before adding to the local repository
+
+
+### What steps will reproduce the problem?
+Two scenarios:
+1) Malicious user and owner of repository being pulled from can edit his/her local .git/annex/objects directory 
+to alter the file content. For src code, this could be to insert a bug, insert a backdoor, or for example 
+to replace an image file artifact for a website, with a pornographic image.
+The user pulling the file content with "git annex get fileName"  might not be aware of the file contents 
+until they actually examine the file or perform an fsck or commit locally. 
+In the meantime a kiddy porn image could be sitting in their repository or a src code backdoor can get incorporated and deployed etc.
+2) a file could also simply get corrupted during download. An inherent hash check during the 'annex get' would
+point out the problem immediately.
+To reproduce:  create repoNum1, and clone it to create repoNum2. manual edit/replace content in repoNum1/.git/annex/objects/...
+then perform a 'git annex get <fileName>' from repoNum2 on the file that has been manipulated 
+
+
+### What version of git-annex are you using? On what operating system?
+3.2012112ubuntu2 on running linux mint 
+
+
+### Please provide any additional information below.
+
+Aside: Thanks Joey - this is fantastic work you are doing. You have really improved git. The ability to checkout 
+an entire tree - but selectively get only the content actually needed is a real killer feature.
+Kudos and again many many thanks
+M.
+
+
+# End of transcript or log.
+"""]]