Clarify behaviour of deletion with untrusted hosts

WhyNotHugo · WhyNotHugo · commit 5a03b32752db · 2025-03-23T12:51:18.000+01:00
Reading of the original explanation of how encrypted sync works might
make one assume that deleting an encrypted copy of a file would be
synchronised as a deletion onto plaintext hosts. This is not the case,
so explicitly clarify this.
diff --git a/users/untrusted.rst b/users/untrusted.rst
@@ -58,6 +58,10 @@ becomes available.
         T2 -> U1 [label="Encrypted by T2"]
     }
 
+In the above scenarios, if the untrusted device U1 deletes a local copy of a
+file, this is not replicated directly to trusted hosts. Untrusted hosts might
+receive the notice, however.
+
 Similarly, it's fine to add "normal mode" synchronization between untrusted devices.
 
 .. graphviz::

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,10 @@ becomes available.`
`58`	`58`	`T2 -> U1 [label="Encrypted by T2"]`
`59`	`59`	`}`
`60`	`60`
	`61`	`+In the above scenarios, if the untrusted device U1 deletes a local copy of a`
	`62`	`+file, this is not replicated directly to trusted hosts. Untrusted hosts might`
	`63`	`+receive the notice, however.`
	`64`	`+`
`61`	`65`	`Similarly, it's fine to add "normal mode" synchronization between untrusted devices.`
`62`	`66`
`63`	`67`	`.. graphviz::`