Less canonicalisation, use os.path to check for dotfiles
SECURITY OF MERCURIAL-SERVERmercurial-server relies entirely on sshd to grant access to remote users. As aresult, it runs no daemons, installs no setuid programs, and no part of itruns as root except the install process: all programs run as the user hg. Andany attack on mercurial-server can only be started if the Bad Guys alreadyhave a public key in ~hg/.ssh/authorized_keys, otherwise sshd will bar theway. No matter what command the user tries to run on the remote system viassh, mercurial-server is run. It parses the command line the user asked for, and interprets and runs thecorresponding hg operation itself if access is allowed, so users can only readand add to history within repositories; they cannot run any other hg command.In addition, every push and pull is logged with a datestamp, changeset ID andthe key that performed the operation.However, while the first paragraph holds no matter what bugsmercurial-server contains, the second depends on the relevant code beingcorrect; though the entire codebase is short, mercurial-server is a fairlynew program and may harbour bugs. Backups areessential!