06:51.17 | *** join/#gllug ess_tee_u (~NULL@94-30-86-45.xdsl.murphx.net) |
11:13.06 | *** join/#gllug AndyMill1r (~andy-free@andymillar.co.uk) |
12:33.35 | *** join/#gllug dick_turpin (~peter@host217-34-163-30.in-addr.btopenworld.com) |
12:36.08 | dick_turpin | OggCamp |
14:06.22 | Leeds | WMVConf |
14:33.45 | ChoHag | Mercurial. |
14:33.47 | ChoHag | It is shit. |
14:34.26 | yaMatt | I kind of like it |
14:34.34 | yaMatt | it's like someone tried to make svn work like git |
14:34.39 | ChoHag | Somebody always does. |
14:50.42 | ChoHag | Imagine the following scenario: |
14:50.42 | ChoHag | Alice has a repository in /repos/alice/project |
14:50.42 | ChoHag | It contains a .hg/hgrc owned by Alice |
14:50.43 | ChoHag | Bob looks at the repository with hg log |
14:50.58 | ChoHag | If Bob's hg command trusted Alice's .hg/hgrc, then it could be tricked into loading and running whatever hooks, extensions, and so forth that Alice had configured. If Alice was malicious, she could set up a hook to give her access to Bob's account, read his mail, personal files, etc. |
14:51.10 | ChoHag | Or Bob could, you know, not run shit from somebody else? |
14:54.00 | ChoHag | Making me switch to root just to read a publicly-owned set of files is slightly ridiculous. |
14:54.14 | ChoHag | Also I think root probably isn't malicious. |
14:55.19 | yaMatt | couldn't you do that with git though? It has hooks too |
14:55.33 | ChoHag | But probably the good sense not to run them when it doesn't need to. |
18:22.08 | *** join/#gllug Armand (~androirc@cpc17-haye16-2-0-cust427.haye.cable.virginmedia.com) |
23:35.26 | *** join/#gllug Leeds (~richardc@168.70.79.81) |