D98: revset: support reading aliases from a .hgrevsets file
indygreg (Gregory Szorc)
phabricator at mercurial-scm.org
Sun Sep 24 14:58:28 UTC 2017
indygreg added a comment.
There are a number of security and user control issues at play here.
For security, we need to take a long hard look at what configs can be modified by in-repo files. Revsets already have a "safe" flag that controls what to expose on hgweb. We likely need more of this.
For user control, I could imagine something hooked into `hg clone` and `hg pull`. If we encounter a well-known in-tree config file, we can prompt or notify the user to enable it. Enabling would be as simple as dropping a `%include` into `.hg/hgrc` or something. We could expose global config options to control the default behavior. e.g. //always install//, //prompt//, etc.
This would be a good discussion to have at the Sprint!
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D98
To: indygreg, #hg-reviewers, quark
Cc: durin42, yuja, mharbison72, quark, mercurial-devel
More information about the Mercurial-devel
mailing list