Thu, 09 Mar 2017 20:33:29 -0800 sslutil: issue warning when [hostfingerprint] is used
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 09 Mar 2017 20:33:29 -0800] rev 31290
sslutil: issue warning when [hostfingerprint] is used Mercurial 3.9 added the [hostsecurity] section, which is better than [hostfingerprints] in every way. One of the ways that [hostsecurity] is better is that it supports SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints. The world is moving away from SHA-1 because it is borderline secure. Mercurial should be part of that movement. This patch adds a warning when a valid SHA-1 fingerprint from the [hostfingerprints] section is being used. The warning informs users to switch to [hostsecurity]. It even prints the config option they should set. It uses the SHA-256 fingerprint because recommending a SHA-1 fingerprint in 2017 would be ill-advised. The warning will print itself on every connection to a server until it is fixed. There is no way to suppress the warning. I admit this is annoying. But given the security implications of sticking with SHA-1, I think this is justified. If this patch is accepted, I'll likely send a follow-up to start warning on SHA-1 certificates in [hostsecurity] as well. Then sometime down the road, we can drop support for SHA-1 fingerprints. Credit for this idea comes from timeless in issue 5466.
Thu, 09 Mar 2017 19:59:52 -0800 setup: use setuptools on Windows (issue5400)
Gregory Szorc <gregory.szorc@gmail.com> [Thu, 09 Mar 2017 19:59:52 -0800] rev 31289
setup: use setuptools on Windows (issue5400) We've had a long, complicated history with setuptools. We want to make it the universal default. But when we do, it breaks things. `python setup.py build` is broken on Windows today. Forcing the use of setuptools via FORCE_SETUPTOOLS=1 unbreaks things. Since the previous bustage with making setuptools the default was on !Windows, it seems safe to move ahead with the setuptools transition on Windows. So this patch does that.
Thu, 09 Mar 2017 19:41:40 -0800 schemes: use br'' literal to define bytes regexp
Yuya Nishihara <yuya@tcha.org> [Thu, 09 Mar 2017 19:41:40 -0800] rev 31288
schemes: use br'' literal to define bytes regexp
Thu, 09 Mar 2017 12:55:48 +0900 help: fix layout of pre-formatted text
Yuya Nishihara <yuya@tcha.org> [Thu, 09 Mar 2017 12:55:48 +0900] rev 31287
help: fix layout of pre-formatted text
Thu, 09 Mar 2017 11:01:03 +0900 help: fix example of revs() fileset
Yuya Nishihara <yuya@tcha.org> [Thu, 09 Mar 2017 11:01:03 +0900] rev 31286
help: fix example of revs() fileset
Fri, 05 Aug 2016 14:24:53 +0200 filecache: make 'join' abstract
Pierre-Yves David <pierre-yves.david@ens-lyon.org> [Fri, 05 Aug 2016 14:24:53 +0200] rev 31285
filecache: make 'join' abstract All subclasses redefine this method, so we can make it abstract.
Wed, 08 Mar 2017 16:43:16 -0800 filecache: explicitly test 'repofilecache'
Pierre-Yves David <pierre-yves.david@ens-lyon.org> [Wed, 08 Mar 2017 16:43:16 -0800] rev 31284
filecache: explicitly test 'repofilecache' The tests is actually about testing a repofilecache (it uses a fake repo). We make this clear to prevent blockers while cleaning theses API.
Fri, 05 Aug 2016 14:25:21 +0200 repofilecache: directly use 'repo.vfs.join'
Pierre-Yves David <pierre-yves.david@ens-lyon.org> [Fri, 05 Aug 2016 14:25:21 +0200] rev 31283
repofilecache: directly use 'repo.vfs.join' The 'vfs' attribute already have all methods we need, the value of going through the repository for this is low. so we removes it.
(0) -30000 -10000 -3000 -1000 -300 -100 -30 -10 -8 +8 +10 +30 +100 +300 +1000 +3000 +10000 tip