Augie Fackler <augie@google.com> [Fri, 10 Mar 2017 16:54:41 -0500] rev 31301
parsers: drop old nonnormalentries method
This is okay to do because the Python will fall back transparently if
the method is missing.
Augie Fackler <augie@google.com> [Fri, 10 Mar 2017 16:53:00 -0500] rev 31300
parsers: avoid leak of nonnset and otherpset
Py_BuildValue increments the refcount, rather than stealing the
reference, which I missed in code review.
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 09 Mar 2017 20:33:29 -0800] rev 31299
sslutil: issue warning when [hostfingerprint] is used
Mercurial 3.9 added the [hostsecurity] section, which is better
than [hostfingerprints] in every way.
One of the ways that [hostsecurity] is better is that it supports
SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints.
The world is moving away from SHA-1 because it is borderline
secure. Mercurial should be part of that movement.
This patch adds a warning when a valid SHA-1 fingerprint from
the [hostfingerprints] section is being used. The warning informs
users to switch to [hostsecurity]. It even prints the config
option they should set. It uses the SHA-256 fingerprint because
recommending a SHA-1 fingerprint in 2017 would be ill-advised.
The warning will print itself on every connection to a server until
it is fixed. There is no way to suppress the warning. I admit this
is annoying. But given the security implications of sticking with
SHA-1, I think this is justified. If this patch is accepted,
I'll likely send a follow-up to start warning on SHA-1
certificates in [hostsecurity] as well. Then sometime down
the road, we can drop support for SHA-1 fingerprints.
Credit for this idea comes from timeless in issue 5466.
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 09 Mar 2017 19:59:52 -0800] rev 31298
setup: use setuptools on Windows (issue5400)
We've had a long, complicated history with setuptools. We want to
make it the universal default. But when we do, it breaks things.
`python setup.py build` is broken on Windows today. Forcing
the use of setuptools via FORCE_SETUPTOOLS=1 unbreaks things.
Since the previous bustage with making setuptools the default
was on !Windows, it seems safe to move ahead with the setuptools
transition on Windows. So this patch does that.
Yuya Nishihara <yuya@tcha.org> [Thu, 09 Mar 2017 19:41:40 -0800] rev 31297
schemes: use br'' literal to define bytes regexp
Yuya Nishihara <yuya@tcha.org> [Thu, 09 Mar 2017 12:55:48 +0900] rev 31296
help: fix layout of pre-formatted text
Yuya Nishihara <yuya@tcha.org> [Thu, 09 Mar 2017 11:01:03 +0900] rev 31295
help: fix example of revs() fileset
Pierre-Yves David <pierre-yves.david@ens-lyon.org> [Fri, 05 Aug 2016 14:24:53 +0200] rev 31294
filecache: make 'join' abstract
All subclasses redefine this method, so we can make it abstract.
Pierre-Yves David <pierre-yves.david@ens-lyon.org> [Wed, 08 Mar 2017 16:43:16 -0800] rev 31293
filecache: explicitly test 'repofilecache'
The tests is actually about testing a repofilecache (it uses a fake repo). We
make this clear to prevent blockers while cleaning theses API.
Pierre-Yves David <pierre-yves.david@ens-lyon.org> [Fri, 05 Aug 2016 14:25:21 +0200] rev 31292
repofilecache: directly use 'repo.vfs.join'
The 'vfs' attribute already have all methods we need, the value of going
through the repository for this is low. so we removes it.