Closed Bug 1670034 Opened 4 years ago Closed 3 years ago

remove pinned fingerprints in configwizard when using modern hg

Categories

(Developer Services :: Mercurial: configwizard, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: sheehan, Assigned: sheehan)

Details

Attachments

(1 file)

Older versions of Mercurial (<3.9) allowed pinning a single SHA1 fingerprint for security in the hgrc file. We should remove the SHA1 pinning code from configwizard, since our devs should be on a more recent version of Mercurial which supports pinning multiple fingerprints with different algorithms.

Better yet, we can detect if developers are on modern enough Mercurial (3.9+) and Python (2.7.9+) to warrant un-pinning their certificates entirely.

Assignee: nobody → sheehan
Summary: remove support for SHA1 fingerprint pinning → remove pinned fingerprints in configwizard when using modern hg

Updates the fingerprint "porting" code path to instead remove pinned fingerprints.
If we hit this code path we have detected a secure version of Mercurial (3.9+)
and a secure version of Python (2.7.9+). We ensure only fingerprints that were
originally pinned by the wizard are unpinned.

Pushed by cosheehan@mozilla.com:
https://hg.mozilla.org/hgcustom/version-control-tools/rev/e3f5992d80f7
configwizard: remove pinned fingerprints in configwizard when using modern hg r=mhentges

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
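
The unpinning behaviour described in this bug, sketched as an added example; it is not the configwizard code from version-control-tools. `[hostfingerprints]` and `[hostsecurity]` are Mercurial's own config sections, while `unpin`, `WIZARD_PINNED`, the sample hgrc and the shortened fingerprint values are constructed for illustration.

```python
import configparser
import io

def _norm(fp):
    """Compare fingerprints case-insensitively, ignoring colon separators."""
    return fp.replace(":", "").strip().lower()

# Constructed placeholders, far shorter than real digests; NOT real fingerprints.
WIZARD_PINNED = {
    "hg.mozilla.org": {_norm("sha1:AA:BB:CC:DD"), _norm("sha256:01:23:45:67")},
}

SAMPLE_HGRC = """\
[ui]
username = Dev <dev@example.com>

[hostfingerprints]
hg.mozilla.org = AA:BB:CC:DD
internal.example = 11:22:33:44

[hostsecurity]
hg.mozilla.org:fingerprints = sha256:01:23:45:67
"""

def unpin(hgrc_text, hg_version, py_version):
    """Return (new_hgrc_text, removed); untouched unless both versions are modern."""
    if hg_version < (3, 9) or py_version < (2, 7, 9):
        return hgrc_text, []
    # "=" only: hostsecurity keys such as "host:fingerprints" contain a colon.
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.optionxform = str  # keep option names as written
    cp.read_string(hgrc_text)
    removed = []
    for host, known in WIZARD_PINNED.items():
        # (section, option, implicit algorithm prefix for legacy SHA-1 values)
        for section, option, prefix in (("hostfingerprints", host, "sha1:"),
                                        ("hostsecurity", host + ":fingerprints", "")):
            if not cp.has_option(section, option):
                continue
            pins = [p for p in cp.get(section, option).split(",") if p.strip()]
            # Unpin only if every value is one the wizard wrote; user pins stay.
            if pins and all(_norm(prefix + p.strip()) in known for p in pins):
                cp.remove_option(section, option)
                removed.append((section, option))
    for section in ("hostfingerprints", "hostsecurity"):
        if cp.has_section(section) and not cp.options(section):
            cp.remove_section(section)
    out = io.StringIO()
    cp.write(out)
    return out.getvalue(), removed
```

Rewriting through `configparser` drops comments from the file, so a tool editing a real hgrc would need a format-preserving writer.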