changeset 11286:ccfd1cbc7289

hgrc: improve docs for the trusted section
author Matt Mackall <mpm@selenic.com>
date Fri, 04 Jun 2010 20:13:51 -0500
parents f118029e534c
children b901bb751999
files doc/hgrc.5.txt
diffstat 1 files changed, 10 insertions(+), 5 deletions(-)
--- a/doc/hgrc.5.txt	Fri Jun 04 17:22:33 2010 -0500
+++ b/doc/hgrc.5.txt	Fri Jun 04 20:13:51 2010 -0500
@@ -781,15 +781,20 @@
 
 ``trusted``
 """""""""""
-For security reasons, Mercurial will not use the settings in the
+
+Mercurial will not use the settings in the
 ``.hg/hgrc`` file from a repository if it doesn't belong to a trusted
-user or to a trusted group. The main exception is the web interface,
-which automatically uses some safe settings, since it's common to
-serve repositories from different users.
+user or to a trusted group, as various hgrc features allow arbitrary
+commands to be run. This issue is often encountered when configuring
+hooks or extensions for shared repositories or servers. However,
+the web interface will use some safe settings from the ``[web]``
+section.
 
 This section specifies what users and groups are trusted. The
 current user is always trusted. To trust everybody, list a user or a
-group with name ``*``.
+group with name ``*``. These settings must be placed in an
+*already-trusted file* to take effect, such as ``$HOME/.hgrc`` of the
+user or service running Mercurial.
 
 ``users``
   Comma-separated list of trusted users.
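
Review bot: The sentence about trusting everybody with a user or group named ``*`` now directly follows the new explanation that hgrc features allow arbitrary commands to be run, yet it does not state what that means for ``*``. Suggest adding a sentence in the second paragraph saying that with ``*`` the ``.hg/hgrc`` of any repository is used, so the hooks and extensions it configures run as the user or service running Mercurial. Separately, "This issue is often encountered" in the first paragraph has no clear referent, since the preceding sentence describes intended behaviour rather than an issue; "This restriction is often encountered" would read more precisely. The phrase "some safe settings from the ``[web]`` section" would also be easier to act on if it pointed to where those settings are listed.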