[PATCH] Check for .hgrc files in ancestor directories above the repository

[Jesse Glick]

Maxim Dounin wrote:
> As I said before I'm even fine with your previous patch if this will
> be configurable and off by default (so user have to explicitly switch
> this on). I suggested the solution above just as one more flexible.

Well, if you need to configure it anyway, you might as well specify the 
actual filenames to include.

A security issue I just thought of: a malicious repository administrator 
(or committer to that repository) with knowledge of your includeconfig 
setting could commit a config file in the correct location in the root 
repository of a forest. If you fclone and then do an operation on a 
nested repo, you pick up those settings, which could include malicious 
hooks. I think this attack could be deterred by refusing to read include 
files which are inside a Hg working copy (e.g. with some ancestor dir 
with a .hg subdir).