Mercurial > hg

diff mercurial/help/config.txt @ 34989:1a314176da9c stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
subrepo: use per-type config options to enable subrepos We change subrepos.allowed from a list of allowed subrepo types to a combination of a master switch and per-type boolean flag. If the master switch is set, subrepos can be disabled wholesale. If subrepos are globally enabled, then per-type options are consulted. Mercurial repos are enabled by default. Everything else is disabled by default.
author Gregory Szorc <gregory.szorc@gmail.com>
date Mon, 06 Nov 2017 22:32:41 -0800
parents bd725a71f274
children da5d5ea7d696
line wrap: on
line diff
--- a/mercurial/help/config.txt	Mon Nov 06 14:56:17 2017 -0500
+++ b/mercurial/help/config.txt	Mon Nov 06 22:32:41 2017 -0800
@@ -1899,20 +1899,40 @@
 This section contains options that control the behavior of the
 subrepositories feature. See also :hg:`help subrepos`.
 
+Security note: auditing in Mercurial is known to be insufficient to
+prevent clone-time code execution with carefully constructed Git
+subrepos. It is unknown if a similar detect is present in Subversion
+subrepos. Both Git and Subversion subrepos are disabled by default
+out of security concerns. These subrepo types can be enabled using
+the respective options below.
+
 ``allowed``
-    List of subrepository types (hg, git, svn) allowed in the working
-    directory.
-
-    When disallowed, any commands including :hg:`update` will fail if
-    subrepositories are involved.
-
-    Security note: auditing in Mercurial is known to be insufficient
-    to prevent clone-time code execution with carefully constructed
-    Git subrepos. It is unknown if a similar defect is present in
-    Subversion subrepos, so both are disabled by default out of an
-    abundance of caution. Re-enable such subrepos via this setting
-    with caution.
-    (default: `hg`)
+    Whether subrepositories are allowed in the working directory.
+
+    When false, commands involving subrepositories (like :hg:`update`)
+    will fail for all subrepository types.
+    (default: true)
+
+``hg:allowed``
+    Whether Mercurial subrepositories are allowed in the working
+    directory. This option only has an effect if ``subrepos.allowed``
+    is true.
+    (default: true)
+
+``git:allowed``
+    Whether Git subrepositories are allowed in the working directory.
+    This option only has an effect if ``subrepos.allowed`` is true.
+
+    See the security note above before enabling Git subrepos.
+    (default: false)
+
+``svn:allowed``
+    Whether Subversion subrepositories are allowed in the working
+    directory. This option only has an effect if ``subrepos.allowed``
+    is true.
+
+    See the security note above before enabling Subversion subrepos.
+    (default: false)
 
 ``templatealias``
 -----------------