Will we serve a hidden asset file if asked? If no, then we would be justified not enumerating them given that our initial motivation was to simplify exporting sites with assets. github 
# Files
We upload the .gitignore from the plugin repo. github
pages/testing-dotted-assets
We confirm from the 0.4.1-pre1 plugin that the 61 byte file was indeed uploaded. See Browse Asset Folders
http://ward.dojo.fed.wiki/assets/pages/testing-dotted-assets/.gitignore HEIGHT 0
Direct access to the .gitignore file is blocked from the browser and from the above Frame.
# Directories
We repeat the experiment with a hidden directory name, .hidden, and a normal 74 byte file from the same repo.
pages/testing-dotted-assets/.hidden
0.4.1-pre1 plugin view
The upload worked, not because a hidden directory was made and used, but because the subdirectory was ignored so the upload went into the parent directory.
testing-dotted-assets/factory.json testing-dotted-assets//factory.json
If one hovers over the factory.json link offered by the two Assets items, one sees that they are not identical links.
# Consistency
It seems reasonable that if we can't see or fetch a hidden object we shouldn't support them as upload files or folders. How then should we treat hidden directories added by other means as we have done here.
ls -laR testing-dotted-assets/ testing-dotted-assets/: drwxr-xr-x 3 4096 17:35 . drwxr-xr-x 109 4096 16:40 .. -rw-r--r-- 1 61 16:40 .gitignore drwxr-xr-x 2 4096 17:35 .secret -rw-r--r-- 1 74 16:58 factory.json testing-dotted-assets/.secret: drwxr-xr-x 2 4096 17:35 . drwxr-xr-x 3 4096 17:35 .. -rw-r--r-- 1 6 17:35 hello.txt
This "secret" hello.txt is not visible even to the 0.4.1-pre1 plugin but it is accessible when requested with a hand-crafted url.
http://ward.dojo.fed.wiki/assets/pages/testing-dotted-assets/.secret/hello.txt HEIGHT 0
We wonder, but have not tested, what is and isn't allowed when a site has been configured for Login to View?