Sensitive file removal
Giorgos Keramidas
keramida at ceid.upatras.gr
Thu Jan 18 12:41:36 UTC 2007
On 2007-01-17 20:18, Steve Borho <steve at ageia.com> wrote:
>On Wednesday 17 January 2007 20:11, Giorgos Keramidas wrote:
>> A more likely case would be:
>>
>> A lawyer contacts you and asks that you *remove* all traces of source
>> file `bin/utility/utility.c', because they are `tainted' by code from
>> Foo, Inc. They know that some people have pulled copies from you, but
>> they don't care. All they want is that *you* don't continue the
>> distribution of the tainted sources.
>>
>> Now add to the mix the interesting possibility that the lawyer doesn't
>> contact you when the changeset is still 'tip', but several months later.
>>
>> How would you approach this sort of `repo-history surgery'?
>
> I'm more of a pragmatist. If I was in this situation I would just
> start an entirely new repository and quit hosting the tainted one
> publically.
That's the idea. But the hg-to-hg conversion script mentioned below,
would be very nice to have as a supported extension or command. I'm not
sure how the current manifests work in detail.
Perhaps, it would be nice if we could provide a file like .hgignore to
`hg clone', which would 'strip off' files from the manifest of
changesets "on the fly", as they are being cloned. Maybe this is not so
easy, and I'm being silly. I don't really know :)
More information about the Mercurial
mailing list