[PATCH 3 of 3] Added new remoteopts 'contact' and 'description' for httprepo creation

[Martin Geisler]

Martin Vejnár <avakar at ratatanek.cz> writes:

> Martin Geisler wrote:
>> I don't really know anything about hgweb, so I haven't looked at the
>> code. But I think it would be nice if it would support server-side
>> clones.
>
> The patch doesn't implement server-side clones, it provides for
> localrepo to httprepo cloning.

Right, I was thinking that local-to-remote and remote-to-remote clones
were the same at an abstract level (one can be used to implement the
other). But a true server-side clone would of course not require you to
first download everything before pushing it up on the server again.

> I agree that server-side clones would be nice, although I think they
> should be performed through the web interface, not with the client. It
> would also be nice if hgweb interface supported moving and deleting of
> repos and hgrc editing (making ssh access completely unnecessary).

True, though it might be easier to implement some of those features in a
third-party package. Hgweb works well for what it does, but like the
rest of Mercurial it cannot depend on nice libraries outside of the
standard Python library. A third-party front end can take advantage of
all the rich frameworks it wants.

>> I trust that you have thought about directory-traversal attacks where
>> people create a repository called "../../something" and thereby
>> escape the "sandbox"?
>
> Well, actually, I haven't. Thank you for the reminder, I've fixed the
> problem and will be reposting the patches shortly.

Great! :-)

-- 
Martin Geisler

VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multiparty Computation) to Python. See: http://viff.dk/.