mercurial --> plain text --> mercurial

Martin Geisler mg at daimi.au.dk
Fri Mar 28 04:11:18 CDT 2008


"William Stein" <wstein at gmail.com> writes:

> Carl Witty said:
>> Second, are you worried about people checking in viruses, or people
>> concealing a virus in the .hg directory without it being checked
>> in?
>
> Both. Yes, I'm worried about people checking viruses. Yes, I'm also
> worried about people concealing a virus in the .hg directory without
> it being checked in.

No matter what files I put in the .hg directory in my clone, they won't
be copied to other clones via 'hg push' and 'hg pull'. So I don't see
why you are afraid that I might put a virus there.

The only way I could inject a virus into somebody else's Mercurial
repository (without having direct write access to it) is to commit it
and convince the other party to 'hg pull' from me.

I think that checking that people do not commit stupid things (build
products, viruses, etc) is more of a social problem. And still: if
they do commit something bad, then (assuming you are using an OS that
won't randomly execute files on your hard disk...) you can safely pull
the changes since you can always strip them away again if you want.

-- 
Martin Geisler

VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multi-Party Computation) to Python. See: http://viff.dk/.
