Eric Schrock wrote: >> This definitel shouldn't be mandatory, and it really shouldn't even be >> suggested except as a hacky workaround. It's dangerous -- you can end up >> running untrusted code as yourself just by accessing someone else's >> mercurial workspace. > > So what is the internal policy w.r.t. access to elpaso.eng? The flag > day said to use NFS, but that seems to raise a few issues, and the > workarounds don't seem to be viable - either you have to put up with > annoying noise or you open yourself up to security risks.
It's worse than that - you'll see those warnings using SSH as well: anthrax[17]% time hg clone ssh://thurlow at elpaso.eng//export/gate-hg destination directory: gate-hg requesting all changes adding changesets adding manifests adding file changes added 7109 changesets with 97569 changes to 50605 files updating working directory 45608 files updated, 0 files merged, 0 files removed, 0 files unresolved remote: Warning: No xauth data; using fake authentication data for X11 forwarding. remote: Not trusting file /export/gate-hg/.hg/hgrc from untrusted user daemon, group other remote: Not trusting file /export/gate-hg/.hg/hgrc from untrusted user daemon, group other 156.70u 91.47s 15:00.34 27.5% Do we need the "Not trusting file" message? If it happens every time we do anything, it's beyond useless. Or can someone explain the intent and how to configure things so we only see it when it matters? Rob T
