Open
Description
If an attacker manages to compromise the local repository (in this case only FS repos are susceptible, others may be in the future) and adds bad metadata, the client would attempt to update from the local repo initially then fail. It will never be able to recover without outside intervention.
We could delete the offending metadata to allow us to continue. This is safe so long as the bad metadata isn't correctly signed (which is technically good metadata, so we couldn't even tell anyway).