On Sat, Aug 22, 2009 at 01:17, Martin Geislermg@lazybytes.net wrote:
In the general case, you can specify an extension to be enabled by filename:
[extensions] foo = ~/src/foo
So if I can enable an extension like that on your system, I might be evil and commit a bad extension *and* enable it at the same time.
You might argue that one should then limit which extensions one can enable in a versioned file, but it seems hard to come up with a good mechanism for this. The current "mechanism" is the users own ~/.hgrc file which can be seen as a whitelist of extensions he trust.
Thanks for explaining that bit, Martin. Everyone: Martin is also a hg crew member.
It sounds to me like somehow requiring extensions to be enabled (without actually enabling them) would help mitigate the issues somehow, although it's still a distributed system and so clients cannot be trusted (e.g. I might put a win32text stub in there somewhere that does nothing).