On Sat, Aug 22, 2009 at 01:17, Martin Geisler<m...@lazybytes.net> wrote: > In the general case, you can specify an extension to be enabled by > filename: > > [extensions] > foo = ~/src/foo > > So if I can enable an extension like that on your system, I might be > evil and commit a bad extension *and* enable it at the same time. > > You might argue that one should then limit which extensions one can > enable in a versioned file, but it seems hard to come up with a good > mechanism for this. The current "mechanism" is the users own ~/.hgrc > file which can be seen as a whitelist of extensions he trust.
Thanks for explaining that bit, Martin. Everyone: Martin is also a hg crew member. It sounds to me like somehow requiring extensions to be enabled (without actually enabling them) would help mitigate the issues somehow, although it's still a distributed system and so clients cannot be trusted (e.g. I might put a win32text stub in there somewhere that does nothing). Cheers, Dirkjan _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
