mercurial --> plain text --> mercurial

Mike Hansen mhansen at gmail.com
Thu Mar 27 11:18:40 CDT 2008


Hello,

> Wouldn't normally the antivirus tool be scanning files as they are
> "unpacked" into the working folder anyway? The ones I've used seem to be
> scanning most files read/written to disk, and as long as the virus has to be
> unpacked to execute, it'll be detected. Or don't you run virus killers on
> the client machines?
>
> And why do you have to extract all of the data in the repo, and then pack it
> back? If you discover a virus, you can't really rebuild the repo without the
> data without recalculating hashes, etc, anyway?
>
> Also, say that someone made a meta-data altering virus for hg, wouldn't they
> cover their tracks so that a dump would be useless as well? Or at least not
> show any traces of modification.

The underlying motivation is that we don't want to have any binary
blobs that can't be built from "trusted" sources.  Thus, we want to be
able to get everything in auditable plain text files and to
reconstruct the repository completely from those.

--Mike

