[PATCH 1 of 4] schemas: add schemas to repositories

Angel Ezquerra angel.ezquerra at gmail.com
Thu Aug 8 01:36:29 CDT 2013


On Thu, Aug 8, 2013 at 1:43 AM, Durham Goode <durham at fb.com> wrote:
> On 8/7/13 4:23 PM, "Angel Ezquerra" <angel.ezquerra at gmail.com> wrote:
>
>>
>>On Aug 8, 2013 12:40 AM, "Durham Goode" <durham at fb.com> wrote:
>>>
>>>I wasn't aware of the projrc extension, but I did discuss that concept
>>> internally and with Matt. I think the problem is that it just isn't
>>>secure
>>> enough.  If one of our users is dumb and sets up "servers = *, include =
>>> *", they could execute arbitrary code from bitbucket within our network.
>>>
>>> Durham
>>I understand your concern but the extension does not blindly accept new
>>configurations. In fact I think it is actually pretty safe and it has
>>been developed to be as safe as possible. In particular by default the
>>extension requires confirmation
>> whenever the projrc file changes. Currently it does not show which
>>settings changed but it could do so. It could also require explicit
>>confirmation before accepting changes to the "dangerous" sections.
>>Additionally the extension could be tweaked to be even safer. For example
>>the extension could be changed so that it would only accept projrc
>>settings from your internal servers. Another option would be to make it
>>necessary to explicitly include
>> dangerous settings such as hooks and extensions (i.e. include = * would
>>only include safe settings).
>>On the other hand I feel that your proposed schemas functionality is a
>>bit narrow to be included as part of mercurial core. Distributing a
>>common mercurial config is a common problem. IMHO it would be nice if
>>mercurial offered a generic solution
>> to that problem. I don't think your proposal is such a solution.
>>Angel
>
>
> It's totally possible the schema stuff isn't appropriate for upstream
> core. I'm open to that response from the community.

Maybe I was too categorical. What I meant to say is that your proposal
seems a bit too narrow in scope. It would be nice if mercurial had a
built-in, secure way to distribute (default) settings.

That being said to a certain extent this is already the case for many
users, since TortoiseHg bundles the projrc extension.

Cheers,

Angel


More information about the Mercurial-devel mailing list