Augie Fackler <augie@google.com> [Mon, 06 Nov 2017 14:56:17 -0500] rev 34988
config: add some more documentation around why svn and git subrepos are off
Yuya Nishihara <yuya@tcha.org> [Sun, 05 Nov 2017 21:51:42 +0900] rev 34987
subrepo: disable git and svn subrepos by default (BC) (SEC)
We have a security issue with git subrepos. I'm not sure if svn subrepo is
vulnerable, but it seems not 100% safe to allow writing arbitrary data into
a metadata directory. So for now, only hg subrepo is enabled by default.
Maybe we should improve the help to describe why git/svn subrepos are
disabled.
Yuya Nishihara <yuya@tcha.org> [Sun, 05 Nov 2017 21:48:58 +0900] rev 34986
subrepo: extend config option to disable subrepos by type (SEC)
This allows us to minimize the behavior change introduced by the next patch.
I have no idea which config style is preferred in UX POV, but I decided to
get things done.
a) list: 'allowed = hg, git, svn'
b) sub option: 'allowed.hg = True' or 'allowed:hg = True'
c) per-type action: 'hg = allow', 'git = abort'