If you are a committer, please update your ~/.hgrc **on Alioth** with
the following lines:

    [trusted]
    users = sperber-guest

If you don't have one yet, just create it with those contents. If
you're *not* a committer, then this is probably irrelevant to you.

Why: A recent Mercurial upgrade by Debian on alioth.debian.org has
made their Mercurial more security-conscious. Specifically,
by default, if the hgrc in the repository you are accessing is not
owned by you, you will see the message in the subject, with some
additional details (full path, user and group names).

What this means technically is that the repository's .hg/hgrc file is
not read, because it can cause arbitrary code to be executed by your
user (not only could it call Python code, but in fact execute shell
scripts and other executables). Unfortunately, there is some
"arbitrary code" invoked by hgrc that we very much do want executed:
the commit logger that mails commit notices to xemacs-cvs.

We're sorry about the annoyance, but this is a real security problem,
and the global alternatives we know about so far require (1) that we
have root on Alioth and (2) that everybody who uses Alioth trust Mike
(in fact, the original suggestion was to make all xemacs group members
trusted!) Not going to happen, obviously.

A shorter, less detailed version of this information is available in
http://www.xemacs.org/Develop/hgaccess.html. So, feel free to delete
this mail. ;-)
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-beta
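
The trust decision described in the mail above, sketched as an added example (not part of the original message and not Mercurial's own code). It is a simplified model that reads only one user-level hgrc; the user names "alice" and "mallory", the group name "xemacs" and the function names are constructed for illustration.

```python
import configparser
import grp
import os
import pwd
import re


def trusted_sets(hgrc_text):
    """Return (users, groups) listed in the [trusted] section of hgrc text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(hgrc_text)

    def items(key):
        raw = cp.get("trusted", key, fallback="")
        return {v for v in re.split(r"[,\s]+", raw) if v}

    return items("users"), items("groups")


def repo_hgrc_trusted(owner, group, current_user, hgrc_text):
    """Model of the check: is a repo hgrc owned by owner:group honoured?"""
    users, groups = trusted_sets(hgrc_text)
    if "*" in users or "*" in groups:
        return True  # wildcard: every owner is trusted
    # Your own files are always trusted; otherwise the owner or the
    # owning group must be listed under [trusted].
    return owner == current_user or owner in users or group in groups


def check_repo(repo_path, user_hgrc=None):
    """Apply the model to a real repository (hypothetical helper).

    Simplification: system-wide hgrc files are not consulted here.
    """
    user_hgrc = user_hgrc or os.path.expanduser("~/.hgrc")
    st = os.stat(os.path.join(repo_path, ".hg", "hgrc"))
    owner = pwd.getpwuid(st.st_uid).pw_name
    group = grp.getgrgid(st.st_gid).gr_name
    me = pwd.getpwuid(os.getuid()).pw_name
    text = ""
    if os.path.exists(user_hgrc):
        with open(user_hgrc) as fh:
            text = fh.read()
    return repo_hgrc_trusted(owner, group, me, text)
```

Trusting a single named user, as the mail asks, keeps the set of accounts whose hooks run as you as small as possible; a `groups` entry or `*` widens it to everyone who can own a repository hgrc.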