Per project config options
Matt Mackall
mpm at selenic.com
Wed Apr 25 19:08:56 UTC 2012
On Wed, 2012-04-25 at 13:38 -0500, Steve Hoelzer wrote:
> It seems to me that simple per project config files would be a great
> feature. The problem is maintaining security. Here are a couple ideas
> for potential security mechanisms:
>
> 1. Mercurial has a built-in blacklist of config options not allowed in
> the per project hgrc file. Those options are ignored (and maybe alert
> the user if those options exist).
What would you want in there that wouldn't be blacklisted? Such a black
list would definitely have to include:
- hooks
- aliases
- extensions
..any of which could let any random project you clone off the internet
0wn your machine when you type 'hg log'.
--
Mathematics is the supreme nostalgia of our time.
More information about the Mercurial
mailing list