Skip source files that differ from existing destination files with a warning?

[Matt McCutchen]

Hi again, rsync list!  I was heavily involved in rsync development and
support back in 2005-2010.  I've largely lost interest in that now and
my knowledge of rsync is beginning to become stale, but I'm still a big
fan and user of rsync, so I'm back with a user question. :)  I did
search the web and didn't find anything relevant.

I have a scenario in which regular files are created in a source
directory over time and shouldn't change after creation.  I run rsync
periodically to copy the source to a destination, and if a source file
differs from an existing destination file, I want rsync to warn me and
not transfer it.

For the "not transfer" part, I can use --ignore-existing, but I don't
see a direct way to be warned only about source files that differ from
existing destination files.  If I use --info=SKIP1, rsync warns about
all source files that exist on the destination, whether or not they
differ.  So as a workaround, after the --ignore-existing run, I'm using
a separate dry run without --ignore-existing to warn about any
remaining differences.

Is there a better solution?  Do people think that filing an enhancement
request to show the --ignore-existing warning only for files with
itemizable differences would be justified?

My reading of the code also suggests that if the sender is malicious,
--ignore-existing will not stop the receiver from processing a transfer
of an existing destination file initiated by the sender, though I
haven't attempted an actual test to confirm this.  I can work around
this security gap by transferring from the source to a temporary
directory and then from there to the destination; in the second step,
my local version of rsync serves as both sender and receiver, so there
is no risk.  I suspect several other rsync options may similarly not be
enforced against a malicious peer.  Is this worth fixing?

Thanks,
Matt