Comment 3 for bug 1153614

Mark, here are a couple of reasons that I thought of (tho none come from a real world scenario that I have seen):

A malicious user could use copy_from functionality to use Glance to download data and avoid having their IP address known/logged/blocked.

Host based authentication could be put in place by a repository such that the Glance server is the only endpoint allowed to download data, thus copy_from (or --location) would be the only way for users to access it. An admin may want to limit what users could access it.

This question dovetails into another that I had. Should there be a whitelist or blacklist of host/urls with which Glance will allow the use of copy_from or location?