[PATCH 0 of 4] Add Schemas

Augie Fackler raf at durin42.com
Wed Aug 7 08:25:04 CDT 2013


On Tue, Aug 06, 2013 at 05:28:25PM -0700, Durham Goode wrote:
> This series is part RFC and part actual patch.  In particular:
>
> - Can anyone think of a better name than 'schema'?
>
> - How do people feel about the security implications?  If a user
> pulls from an untrusted source they could have a malicious schema
> introduced.  For example, if they have largefiles enabled and pull
> from a malicious user, their schema could be changed such that they
> request largefiles from a malicious location.  On the other hand,
> this doesn't seem any different from the security concerns of
> pulling from an untrusted location the old fashioned way.

I feel worried about it, but I can't come up with an actual attack
vector at the moment.

> _______________________________________________ Mercurial-devel
> mailing list Mercurial-devel at selenic.com
> http://selenic.com/mailman/listinfo/mercurial-devel


More information about the Mercurial-devel mailing list