Disclaimer

The content of this blog is my personal opinion only. Although I am an employee - currently of Nvidia, in the past of other companies such as Iagination Technologies, MIPS, Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Monday, January 30, 2012

Version controlling VCS metadata


My project .hg/hgrc is growing pretty long.

It needs to be under version control.

Unfortunately, hg does not, refuses to, version metadat such as .hg/hgrc.  Security.  Since .hg/hgrc may contain executable hooks...

Seems to me there should be a better way. E.g. disabling it's executability, although allowing it to be versioned.

Or - since some (but by no means all) such metadata is per repo, and is meaningless in a clone, perhaps there should be a meta-VCS system.  This is fairly natural for me, since i have had my repos nested within each other for decades.

Unfortunately, not so natural for Mercurial.

3 comments:

Anonymous said...

Try the projrc extension: http://mercurial.selenic.com/wiki/ProjrcExtension

Andy "Krazy" Glew said...

Thanks for pointing me to projrc. Looks good.

However, I may be missing something: it uses .hg/projrc. My understanding was that nothing under .hg was version controlled. Am I missing something?

projrc looks great for distributing setup from a central place.

I'll have to play around with it, and probably read the code, since it is security related.

Andy "Krazy" Glew said...

A comment on comments. I love comments, especially like the one above that points me to useful stuff that may solve the issue I raised in my blog.

I am also happy to have anonymous people post comments. Like many people, I hate being forced to register at a website if I just want to leave a comment on a blog or modify a wiki.

(Note: adding a comment to a blog is much less vulnerable to abuse than changing a wiki page. It's much easier to back out a comment than an edit. Moreover, adding a comment to a blog does not change the original blog entry. Hmmm... I may have to add something to my list of Blog vs. Wiki pros and cons. (Some wikis have comment add-ons...))

Anyway, I'm okay by having Anonymous comments.

But, it sure would be nice to know who made a post. Assuming, of course, that it is not some big secret.

I suspect usually it not a big secret.

I suspect that most Anonymous comments are left by people who wouldn't mind signing their names, except (1) registering with the site is a pain, and (2) even just adding by hand something the equivalent of an email or USEnet news .signature is also a pain.

I wonder if there could be a browser extension that provided a .signature equivalent for the sort of text boxes that are associated with adding a blog comment?

Of course it would have to be filtered. E.g. have it prompt annoyingly, unless the site is on a whitelist, or not never even suggest adding a .signature if on a blacklist.

And it would be more of a challenge for non-text box input, such as GUI/WYSIWYG text editors.

But it might be nice.

Weblog: comments easy, identification of comments a pain.

USEnet: comments and ide thereof easy.

Wikis: comments not so easy.