# HG changeset patch
# User Matt Mackall <mpm@selenic.com>
# Date 1275700431 18000
# Node ID ccfd1cbc7289f1a4ed7308f44b93527c7c1eb04d
# Parent  f118029e534cd54fa2cda440933ba044f8ff0ce6
hgrc: improve docs for the trusted section

diff -r f118029e534c -r ccfd1cbc7289 doc/hgrc.5.txt
--- a/doc/hgrc.5.txt	Fri Jun 04 17:22:33 2010 -0500
+++ b/doc/hgrc.5.txt	Fri Jun 04 20:13:51 2010 -0500
@@ -781,15 +781,20 @@
 
 ``trusted``
 """""""""""
-For security reasons, Mercurial will not use the settings in the
+
+Mercurial will not use the settings in the
 ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted
-user or to a trusted group. The main exception is the web interface,
-which automatically uses some safe settings, since it's common to
-serve repositories from different users.
+user or to a trusted group, as various hgrc features allow arbitrary
+commands to be run. This issue is often encountered when configuring
+hooks or extensions for shared repositories or servers. However,
+the web interface will use some safe settings from the ``[web]``
+section.
 
 This section specifies what users and groups are trusted. The
 current user is always trusted. To trust everybody, list a user or a
-group with name ``*``.
+group with name ``*``. These settings must be placed in an
+*already-trusted file* to take effect, such as ``$HOME/.hgrc`` of the
+user or service running Mercurial.
 
 ``users``
   Comma-separated list of trusted users.