D98: revset: support reading aliases from a .hgrevsets file
quark (Jun Wu)
phabricator at mercurial-scm.org
Wed Aug 9 21:51:39 UTC 2017
quark added a comment.
Security-wise, the "shelling out revset" seems hard to solve cleanly. By having `%include ../hgrc` in `$REPO/.hg/hgrc`, we could already read config in working copy for a trusted repo today.
It seems to me that a lot of security work (ex. knowing the "origin" when executing a revset, marking config items or sections as safe or unsafe by extensions) are required to be able to turn on this feature by default. If we don't turn this on by default because of security, the `%include ../hgrc` approach seems good enough for trusted repo today.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D98
To: indygreg, #hg-reviewers
Cc: durin42, yuja, mharbison72, quark, mercurial-devel
More information about the Mercurial-devel
mailing list