remove pinned fingerprints in configwizard when using modern hg
Categories: Developer Services :: Mercurial: configwizard, task
Tracking: Not tracked
People: Reporter: sheehan, Assigned: sheehan
Attachments: 1 file
Older versions of Mercurial (<3.9) allowed pinning a single SHA1 fingerprint for security in the hgrc file. We should remove the SHA1 pinning code from configwizard, since our devs should be on a more recent version of Mercurial which supports pinning multiple fingerprints with different algorithms.
Comment 1 • 3 years ago (Assignee)
Better yet, we can detect if developers are on modern enough Mercurial (3.9+) and Python (2.7.9+) to warrant un-pinning their certificates entirely.
Comment 2 • 3 years ago (Assignee)
Updates the fingerprint "porting" code path to instead remove pinned fingerprints.
If we hit this code path we have detected a secure version of Mercurial (3.9+)
and a secure version of Python (2.7.9+). We ensure only fingerprints that were
originally pinned by the wizard are unpinned.
Pushed by cosheehan@mozilla.com:
https://hg.mozilla.org/hgcustom/version-control-tools/rev/e3f5992d80f7
configwizard: remove pinned fingerprints in configwizard when using modern hg r=mhentges
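
The unpinning rule described in Comment 2, as an added example that is not the configwizard code from the changeset above. The names `unpin`, `WIZARD_PINS` and `SAMPLE_HGRC`, the hosts and the fingerprint values are constructed for illustration; the example assumes an entry is dropped only when every value in it is one the wizard is known to have written, and it reads Mercurial's `[hostfingerprints]` section and the `host:fingerprints` keys of `[hostsecurity]`.

```python
import re

MIN_HG = (3, 9)      # Mercurial 3.9+, per the bug
MIN_PY = (2, 7, 9)   # Python 2.7.9+, per the bug

# Constructed placeholders, not real certificate fingerprints.
WIZARD_PINS = {"hg.example.org": {"aa:bb:cc:dd", "sha256:11:22:33:44"}}

SAMPLE_HGRC = """\
[ui]
username = Dev <dev@example.org>
[hostfingerprints]
hg.example.org = aa:bb:cc:dd
internal.example.net = de:ad:be:ef
[hostsecurity]
hg.example.org:fingerprints = sha256:11:22:33:44
hg.example.org:minimumprotocol = tls1.2
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]\s*$")
SUFFIX = ":fingerprints"


def unpin(hgrc_text, hg_version, py_version, wizard_pins=WIZARD_PINS):
    """Return (new_text, removed_hosts); unchanged on old hg or old Python."""
    if hg_version < MIN_HG or py_version < MIN_PY:
        return hgrc_text, []   # certificate validation not trusted: keep pins
    out, removed, section = [], [], None
    for line in hgrc_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif section in ("hostfingerprints", "hostsecurity") and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            is_pin = section == "hostfingerprints" or key.endswith(SUFFIX)
            host = key[:-len(SUFFIX)] if key.endswith(SUFFIX) else key
            pins = {v.strip().lower() for v in value.split(",") if v.strip()}
            # Remove only entries made up entirely of wizard-written values;
            # pins the user added by hand stay in place.
            if is_pin and pins and pins <= wizard_pins.get(host, set()):
                removed.append(host)
                continue
        out.append(line)
    return "\n".join(out) + "\n", removed


if __name__ == "__main__":
    print(unpin(SAMPLE_HGRC, (4, 8), (2, 7, 15))[0])
```

The hand-added pin for `internal.example.net` and the `minimumprotocol` setting survive, and section headers are left in place even when they end up empty.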