On Jun 6, 2012, at 11:26 AM, Jed Brown wrote:

> On Wed, Jun 6, 2012 at 11:24 AM, Barry Smith <bsmith at mcs.anl.gov> wrote:
> With all the other unneeded bells and whistles in hg, why doesn't it have a
> mechanism where WE can put this post-pull business into the repository
> instead of telling each user to do that?
>
> Massive security hole?
>
> Sometimes I like to be able to look at code without running it. I've seen
> "make" run "rm -rf ..". Just because I don't trust someone doesn't mean I
> don't want to look at their code. It would be a very bad thing for Hg to run
> arbitrary code when someone clones.

Did I ever say a mechanism to "run arbitrary code"? I do not believe I did, nor did I even hint at running arbitrary code. What I want is a mechanism to run another hg command, in fact a specific hg command. Not "arbitrary code".

Barry
