[Python-Dev] Mercurial migration: help needed
Dirkjan Ochtman
dirkjan at ochtman.nl
Sat Aug 22 09:35:13 CEST 2009
On Sat, Aug 22, 2009 at 01:17, Martin Geisler <mg at lazybytes.net> wrote:
> In the general case, you can specify an extension to be enabled by
> filename:
>
> [extensions]
> foo = ~/src/foo
>
> So if I can enable an extension like that on your system, I might be
> evil and commit a bad extension *and* enable it at the same time.
>
> You might argue that one should then limit which extensions one can
> enable in a versioned file, but it seems hard to come up with a good
> mechanism for this. The current "mechanism" is the user's own ~/.hgrc
> file which can be seen as a whitelist of extensions he trusts.

Thanks for explaining that bit, Martin. Everyone: Martin is also a hg
crew member.

It sounds to me like somehow requiring extensions to be enabled
(without actually enabling them) would help mitigate the issues
somehow, although it's still a distributed system and so clients
cannot be trusted (e.g. I might put a win32text stub in there
somewhere that does nothing).

Cheers,
Dirkjan
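
An added example, not part of the original message and not Mercurial's own code: a small audit that treats the user's own `~/.hgrc` as the whitelist described above and rejects any extension a repository-supplied file tries to enable by path or by a name the user has not enabled. The function names, both sample files and the idea of a repository-supplied hgrc are assumptions made for illustration, and only a plain INI subset of hgrc syntax is parsed.

```python
import configparser

# Constructed sample: config shipped inside a repository (hypothetical scheme).
REPO_HGRC = """\
[extensions]
win32text =
foo = ~/src/foo
rebase = !
evil = ./tools/evil.py
"""

# Constructed sample: the user's own ~/.hgrc, treated as the whitelist.
USER_HGRC = """\
[extensions]
win32text =
rebase =
"""


def extensions(text):
    """Return {name: value} from the [extensions] section of hgrc-style text."""
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",)
    )
    cp.read_string(text)
    return dict(cp["extensions"]) if cp.has_section("extensions") else {}


def audit(repo_text, user_text):
    """Classify every extension entry found in the repository-supplied file."""
    # Names the user enabled; a value starting with "!" disables an extension.
    trusted = {n for n, v in extensions(user_text).items() if not v.startswith("!")}
    findings = {}
    for name, value in extensions(repo_text).items():
        if value.startswith("!"):
            findings[name] = "disabled"
        elif value:
            # A non-empty value is a filename: arbitrary code would be loaded.
            findings[name] = "reject: loads code from path " + value
        elif name not in trusted:
            findings[name] = "reject: not enabled in user's own hgrc"
        else:
            findings[name] = "ok: already trusted by user"
    return findings


if __name__ == "__main__":
    for ext, verdict in audit(REPO_HGRC, USER_HGRC).items():
        print(f"{ext:10} {verdict}")
```

The check matches names only, so it says nothing about what code a given client actually loads under a trusted name.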