[PATCH 0 of 4] Add Schemas
raf at durin42.com
Wed Aug 7 08:25:04 CDT 2013
On Tue, Aug 06, 2013 at 05:28:25PM -0700, Durham Goode wrote:
> This series is part RFC and part actual patch. In particular:
> - Can anyone think of a better name than 'schema'?
> - How do people feel about the security implications? If a user
> pulls from an untrusted source they could have a malicious schema
> introduced. For example, if they have largefiles enabled and pull
> from a malicious user, their schema could be changed such that they
> request largefiles from a malicious location. On the other hand,
> this doesn't seem any different from the security concerns of
> pulling from an untrusted location the old fashioned way.
I feel worried about it, but I can't come up with an actual attack
vector at the moment.
> _______________________________________________ Mercurial-devel
> mailing list Mercurial-devel at selenic.com
More information about the Mercurial-devel