From a6cb8bf916033e884fde04fcf6c8a5e86985ccdc Mon Sep 17 00:00:00 2001 From: Nick Daly Date: Tue, 26 Jun 2012 20:49:40 -0500 Subject: [PATCH] New TODO: don't be stupid with remote execution. --- ugly_hacks/santiago/README.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ugly_hacks/santiago/README.rst b/ugly_hacks/santiago/README.rst index 064c75b9c..bbc32a0ad 100644 --- a/ugly_hacks/santiago/README.rst +++ b/ugly_hacks/santiago/README.rst @@ -550,6 +550,11 @@ Tasks - |TODO| allow multiple listeners and senders per protocol (with different proxies?) +- |TODO| Continuously review use of getattr and setattr to avoid server-side + injection: ``egrep -nHr "(g|s)etattr" *`` + + It's acceptable. For now. + .. |TODO| unicode:: U+2610 .. |DONE| unicode:: U+2611
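
Review bot: The closing line of the added TODO, "It's acceptable. For now.", records a verdict without the criterion behind it, so whoever next runs the grep cannot tell which getattr/setattr call sites were judged safe or why. State the rule next to the TODO, for example that an attribute name derived from a remote request must be matched against a fixed allowlist before it reaches getattr or setattr, and note which commit the review covered. In the command itself, `(g|s)etattr` does not match `delattr`, the `*` glob skips dot-directories at the top level, and `egrep` is obsolescent in current GNU grep; `grep -nHrE "(get|set|del)attr" .` covers the same ground. Because "continuously review" depends on someone remembering to do it, consider running that search from the test suite so new call sites are flagged when they are added.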