mercurial --> plain text --> mercurial

Marcin Kasperski Marcin.Kasperski at
Thu Mar 27 11:55:22 CDT 2008

> The underlying motivation is that we don't want to have any binary
> blobs that can't be built from "trusted" sources.  Thus, we want to be
> able to get everything in an auditable plain text files and to
> reconstruct the repository completely from those.

Bah, what is "binary" and what is "text"?

If you take VeryNastyVirus.exe, and pass it through base64, then the
result will be a text file. And if later on you rebuild binary file
from this text, you will get the VeryNastyVirus.exe back. The fact
that it was a text file does not help that much.

If you are afraid that some virus or trojan would save its
code/data/whatever inside .hg/NewUglyFile then - well - there are
quite a few other locations on your drive you are unlikely to spot
(say Temporary Internet Files). Also, simple operation to get rid of
such things if they ever happen is to "hg clone" the repo to new
location and remove the old one.

If you are afraid that something would modify files used by mercurial,
then ... most likely such changes would be reported by "hg verify"

Finally ... with virus paranoia pushed that far, maybe it is a time to
consider Linux ;-)

| Marcin Kasperski   | We want to know as early as possible whether
| | the project will succeed. Thus we attack the
|                    |        high-risk areas first. (Martin)

More information about the Mercurial mailing list