mercurial --> plain text --> mercurial

Andreas Axelsson andreas.axelsson at
Thu Mar 27 10:30:03 CDT 2008

I'm just curious, 

Wouldn't normally the antivirus tool be scanning files as they are
"unpacked" into the working folder anyway? The ones I've used seem to be
scanning most files read/written to disk, and as long as the virus has to be
unpacked to execute, it'll be detected. Or don't you run virus killers on
the client machines?

And why do you have to extract all of the data in the repo, and then pack it
back? If you discover a virus, you can't really rebuild the repo without the
data without recalculating hashes, etc, anyway?

Also, say that someone made a meta-data altering virus for hg, wouldn't they
cover their tracks so that a dump would be useless as well? Or at least not
show any traces of modification.

-----Original Message-----
From: mercurial-bounces at [mailto:mercurial-bounces at]
On Behalf Of didier deshommes
Sent: den 27 mars 2008 16:00
To: mercurial at
Subject: Re: mercurial --> plain text --> mercurial

Thanks for the reply. The concern is that someone could sneak a virus or
malignant code in the in the .hg/ directory (or anywhere else) that would
damage/alter part of the meta-data in the repo.

How would you use tar to do the above?


Mercurial mailing list
Mercurial at

More information about the Mercurial mailing list