Perhaps you do not understand the implications of "maintained" wrto a
whitelist.
A cross repository file dependency should lead to a request to add a path or pattern to a
whitelist for the other repository to provide a file path, not to a lazy download of
megabytes of mostly unused data "just in case".