Per project config options
Steve Hoelzer
shoelzer at gmail.com
Wed Apr 25 20:58:33 UTC 2012
On Wed, Apr 25, 2012 at 2:08 PM, Matt Mackall <mpm at selenic.com> wrote:
> On Wed, 2012-04-25 at 13:38 -0500, Steve Hoelzer wrote:
>> It seems to me that simple per project config files would be a great
>> feature. The problem is maintaining security. Here are a couple ideas
>> for potential security mechanisms:
>>
>> 1. Mercurial has a built-in blacklist of config options not allowed in
>> the per project hgrc file. Those options are ignored (and maybe alert
>> the user if those options exist).
>
> What would you want in there that wouldn't be blacklisted? Such a black
> list would definitely have to include:
>
> - hooks
> - aliases
> - extensions
>
> ..any of which could let any random project you clone off the internet
> 0wn your machine when you type 'hg log'.
Hmmm... after looking over the list of config options, I can't come up
with many good use cases for per project config files. My best one is
the reason I started this thread in the first place -- to have a
common settings for `largefiles.minsize` and `largefiles.patterns`.
That being the case, I agree that general per project config shouldn't
be supported by Mercurial. It may be useful (and safe) for a few
individual features or extensions, though. For example, largefiles
could support settings in <repo>/.hglargefiles.
Thanks for your feedback.
Steve
More information about the Mercurial
mailing list