Comment 2 for bug 1212205

If we can't abandon PyJuju there might still be something we can do to reduce the problem. If there's a pattern for these filenames - e.g. ^\w+-charm-\w+$ - then perhaps we can permit anonymous access for just these files. It's still a hole, though a smaller one. We could additionally have a config option to permit this, which defaults to false.