[Python-Dev] Mercurial migration: help needed

Martin Geisler mg at lazybytes.net
Sat Aug 22 15:35:05 CEST 2009 

Paul Moore <p.f.moore at gmail.com> writes:

> 2009/8/22 Martin Geisler <mg at lazybytes.net>:
>> Oh, we try to be very paranoid in Mercurial :-) That's why you don't
>> see any support for copying hgrc files when you clone and why hg wont
>> trust hgrc files not owned by you: it should be safe to do
>>
>>  cd ~collegue/src/python
>>  hg tip
>
> So, is the implication therefore that there would be resistance to
> having some way of making a setting which *is* copied on clone, which
> says that you can't commit in this repository unless you have the
> following extensions enabled?

It sounds somewhat invasive to forbid commits. Moreover, repository
owners should remember that clients can do whatever they want, so this
can only be a hint, never a requirement.

I don't think this has been mentioned: When you clone you move history
(changesets) only and I'm pretty sure you cannot even read the
configuration settings over the "wire protocol".

So cloning from a HTTP URL wont copy a setting found in the
<repo>/.hg/hgrc file. This implies that the settings should live in a
version controlled file. I think that is sensible under all
circumstances.

So if the win32text extension (horrible name, I agree... it should have
been made more general and called eolconvert or something like that)
would just read a configuration file from the repository, then all you
should ask people is to enable win32text.

> Or is the fact that it's only saying "you must have an extension
> called win32text enabled" and not actually enabling code directly,
> sufficiently secure to make it acceptable?

It is definitely secure enough to be included. There should be a way to
turn off those hints, though: I might want to clone the Python
repository and play around with it without enabling win32text.

-- 
Martin Geisler

VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multiparty Computation) to Python. See: http://viff.dk/.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20090822/6363d7f8/attachment.pgp>

More information about the Python-Dev mailing list