Mercurial Mercurial > public > mercurial-scm > hg / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mercurial/help/config.txt
branchstable
changeset 34989 1a314176da9c
parent 34988 bd725a71f274
child 35037 da5d5ea7d696 
--- a/mercurial/help/config.txt	Mon Nov 06 14:56:17 2017 -0500
+++ b/mercurial/help/config.txt	Mon Nov 06 22:32:41 2017 -0800
@@ -1899,20 +1899,40 @@
 This section contains options that control the behavior of the
 subrepositories feature. See also :hg:`help subrepos`.
 
+Security note: auditing in Mercurial is known to be insufficient to
+prevent clone-time code execution with carefully constructed Git
+subrepos. It is unknown if a similar detect is present in Subversion
+subrepos. Both Git and Subversion subrepos are disabled by default
+out of security concerns. These subrepo types can be enabled using
+the respective options below.
+
 ``allowed``
-    List of subrepository types (hg, git, svn) allowed in the working
-    directory.
-
-    When disallowed, any commands including :hg:`update` will fail if
-    subrepositories are involved.
-
-    Security note: auditing in Mercurial is known to be insufficient
-    to prevent clone-time code execution with carefully constructed
-    Git subrepos. It is unknown if a similar defect is present in
-    Subversion subrepos, so both are disabled by default out of an
-    abundance of caution. Re-enable such subrepos via this setting
-    with caution.
-    (default: `hg`)
+    Whether subrepositories are allowed in the working directory.
+
+    When false, commands involving subrepositories (like :hg:`update`)
+    will fail for all subrepository types.
+    (default: true)
+
+``hg:allowed``
+    Whether Mercurial subrepositories are allowed in the working
+    directory. This option only has an effect if ``subrepos.allowed``
+    is true.
+    (default: true)
+
+``git:allowed``
+    Whether Git subrepositories are allowed in the working directory.
+    This option only has an effect if ``subrepos.allowed`` is true.
+
+    See the security note above before enabling Git subrepos.
+    (default: false)
+
+``svn:allowed``
+    Whether Subversion subrepositories are allowed in the working
+    directory. This option only has an effect if ``subrepos.allowed``
+    is true.
+
+    See the security note above before enabling Subversion subrepos.
+    (default: false)
 
 ``templatealias``
 -----------------
mercurial-scm/hg