SECURITY OF MERCURIAL-SERVERmercurial-server relies entirely on sshd to grant access to remote users.As a result, it runs no daemons, installs no setuid programs, and no partof it runs as root except the install process: all programs run as the userhg. And any attack on mercurial-server can only be started if the Bad Guysalready have a public key in ~hg/.ssh/authorized_keys, otherwise sshd willbar the way.No matter what command the user tries to run on the remote system via ssh,mercurial-server is run. It parses the command line the user asked for, andinterprets and runs the corresponding hg operation itself if access isallowed, so users can only read and add to history within repositories;they cannot run any other hg command. In addition, every push and pull islogged with a datestamp, changeset ID and the key that performed theoperation.However, while the first paragraph holds no matter what bugsmercurial-server contains, the second depends on the relevant code beingcorrect; though the entire codebase is short, mercurial-server is a fairlynew program and may harbour bugs. Backups are essential!