Comment 5 for bug 1112620

Ok, having discussed that with Danilo, there're 2 high-level ways to resolve it:

1) Get rid of proxying metadata files via android-build, and access them directly from user browser, which will allow to handle access restriction based on user's active browser session.

2) Fix for android-build to metadata on snapshots.l.o.

Solution 1 is tempting, but immediately opens us to AJAX same origin policy issues (i.e. we cannot just now access files from other hosts, period).

Solution 2 requires figuring out which level interferes with lava-builds-info access, to remind, we still have two: 1) adhoc Apache rules maintained by IS; 2) linaro-license-protection and BUILD-INFO.txt. For the latter, we already know it's wrong:

==========
Format-Version: 0.1

Files-Pattern: *
License-Type: protected
OpenID-Launchpad-Teams: linaro-juice
==========
Worse, we cannot get it right in non-hacky way due to lp:1126069.