D98: revset: support reading aliases from a .hgrevsets file

indygreg (Gregory Szorc) phabricator at mercurial-scm.org
Sun Sep 24 14:58:28 UTC 2017


indygreg added a comment.


  There are a number of security and user control issues at play here.
  
  For security, we need to take a long hard look at what configs can be modified by in-repo files. Revsets already have a "safe" flag that controls what to expose on hgweb. We likely need more of this.
  
  For user control, I could imagine something hooked into `hg clone` and `hg pull`. If we encounter a well-known in-tree config file, we can prompt or notify the user to enable it. Enabling would be as simple as dropping a `%include` into `.hg/hgrc` or something. We could expose global config options to control the default behavior. e.g. //always install//, //prompt//, etc.
  
  This would be a good discussion to have at the Sprint!

REPOSITORY
  rHG Mercurial

REVISION DETAIL
  https://phab.mercurial-scm.org/D98

To: indygreg, #hg-reviewers, quark
Cc: durin42, yuja, mharbison72, quark, mercurial-devel


More information about the Mercurial-devel mailing list