--- a/doc/security Tue Oct 13 18:32:26 2009 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-SECURITY OF MERCURIAL-SERVER
-
-mercurial-server relies entirely on sshd to grant access to remote users.
-As a result, it runs no daemons, installs no setuid programs, and no part
-of it runs as root except the install process: all programs run as the user
-hg. And any attack on mercurial-server can only be started if the Bad Guys
-already have a public key in ~hg/.ssh/authorized_keys, otherwise sshd will
-bar the way.
-
-No matter what command the user tries to run on the remote system via ssh,
-mercurial-server is run. It parses the command line the user asked for, and
-interprets and runs the corresponding hg operation itself if access is
-allowed, so users can only read and add to history within repositories;
-they cannot run any other hg command. In addition, every push and pull is
-logged with a datestamp, changeset ID and the key that performed the
-operation.
-
-However, while the first paragraph holds no matter what bugs
-mercurial-server contains, the second depends on the relevant code being
-correct; though the entire codebase is short, mercurial-server is a fairly
-new program and may harbour bugs. Backups are essential!