### Please describe the problem. git annex get fileName- should perform a hash check on the file content before adding to the local repository ### What steps will reproduce the problem? Two scenarios: 1) Malicious user and owner of repository being pulled from can edit his/her local .git/annex/objects directory to alter the file content. For src code, this could be to insert a bug, insert a backdoor, or for example to replace an image file artifact for a website, with a pornographic image. The user pulling the file content with "git annex get fileName" might not be aware of the file contents until they actually examine the file or perform an fsck or commit locally. In the meantime a kiddy porn image could be sitting in their repository or a src code backdoor can get incorporated and deployed etc. 2) a file could also simply get corrupted during download. An inherent hash check during the 'annex get' would point out the problem immediately. To reproduce: create repoNum1, and clone it to create repoNum2. manual edit/replace content in repoNum1/.git/annex/objects/... then perform a 'git annex get ' from repoNum2 on the file that has been manipulated ### What version of git-annex are you using? On what operating system? 3.2012112ubuntu2 on running linux mint ### Please provide any additional information below. Aside: Thanks Joey - this is fantastic work you are doing. You have really improved git. The ability to checkout an entire tree - but selectively get only the content actually needed is a real killer feature. Kudos and again many many thanks M. # End of transcript or log. """]] > [[duplicate|done]] of [[checksum_verification_on_transfer]] --[[Joey]]