Angel Ezquerra  committed 9098e0b

Add "Security Implications of Using this Extension" section

  • Parent commits 7a9c2ea
  • Branches default

Files changed (1)

 you run the mercurial incoming command, and shows a message if a
 change is found.
+Security Implications of Using this Extension
+Although the extension has been designed to be as safe as possible,
+enabling and configuring this extension has security implications.
+The extension is secure by default, because in order to start
+receiving and updating your ``.hg/projrc`` files you must first
+whitelist the servers to transfer the file from and which settings
+to transfer.
+However you must be careful when including settings from untrusted
+sources because some mercurial settings allow a malicious user to
+configure mercurial to execute arbitrary code on your machine or
+change your local mercurial configuration.
+This means that you should only add servers you trust to your
+server list, and only include those settings that are strictly
+necessary. If you are a system administrator of a central repo that
+is meant to distribute a projrc file you should be extra careful
+to ensure that nobody modifies the projrc file without your
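Review bot: The paragraph starting "However you must be careful" says "some mercurial settings" can execute arbitrary code or change local configuration, but it never names them, so a reader cannot tell which settings are risky to include. Consider naming the dangerous ones explicitly, for example the ``[hooks]`` and ``[extensions]`` sections and shell aliases in ``[alias]``, and recommending that they are never included from a remote projrc. The earlier sentence about whitelisting "the servers to transfer the file from and which settings to transfer" would also be more useful if it named the configuration keys that hold those two lists, or linked to the section that documents them. Separately, as shown in this view the new section title has no reST underline and the paragraphs are not separated by blank lines; if that reflects the file, the heading will render as plain body text.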