On Sat, Aug 22, 2009 at 01:17, Martin Geisler <mg at lazybytes.net> wrote:
> In the general case, you can specify an extension to be enabled by
> filename:
>
> [extensions]
> foo = ~/src/foo
>
> So if I can enable an extension like that on your system, I might be
> evil and commit a bad extension *and* enable it at the same time.
>
> You might argue that one should then limit which extensions one can
> enable in a versioned file, but it seems hard to come up with a good
> mechanism for this. The current "mechanism" is the user's own ~/.hgrc
> file which can be seen as a whitelist of extensions he trusts.

Thanks for explaining that bit, Martin. Everyone: Martin is also a hg
crew member.

It sounds to me like somehow requiring extensions to be enabled
(without actually enabling them) would help mitigate the issues
somehow, although it's still a distributed system and so clients
cannot be trusted (e.g. I might put a win32text stub in there
somewhere that does nothing).

Cheers,

Dirkjan
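
The check discussed in this message, as an added example that is not part of the original thread and is not Mercurial's code: it treats the user's own `~/.hgrc` as the whitelist and audits the `[extensions]` section of a versioned configuration file against it, refusing any entry that loads code by path. The versioned file itself, the function names `extensions` and `audit`, and both sample configurations are assumptions constructed for illustration.

```python
import configparser

def extensions(hgrc_text):
    """Return {name: value} from the [extensions] section of hgrc-style text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep extension names case-sensitive
    cp.read_string(hgrc_text)
    return dict(cp["extensions"]) if cp.has_section("extensions") else {}

def audit(versioned_text, user_text):
    """Classify each extension a versioned file requests against the user's config."""
    # The user's own config is the whitelist; a leading "!" marks a disabled entry.
    trusted = {n for n, v in extensions(user_text).items() if not v.startswith("!")}
    report = {}
    for name, value in extensions(versioned_text).items():
        if value.startswith("!"):
            report[name] = "ignored: disable request"
        elif value:
            # A non-empty value is a filename: the committer chooses the code to run.
            report[name] = "refused: loads code from path " + value
        elif name in trusted:
            report[name] = "ok: already enabled by user"
        else:
            report[name] = "refused: not enabled in user config"
    return report

# Constructed sample: the user's own ~/.hgrc (the whitelist).
USER_HGRC = """\
[extensions]
win32text =
color =
"""

# Constructed sample: a hypothetical versioned config shipped with a repository.
VERSIONED = """\
[extensions]
win32text =
foo = ~/src/foo
rebase =
"""

if __name__ == "__main__":
    for ext, verdict in audit(VERSIONED, USER_HGRC).items():
        print(f"{ext}: {verdict}")
```

A name match only shows that the user enabled something called `win32text`; it says nothing about what code that name resolves to on the user's machine, which is the stub caveat raised in the reply.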