--- a/doc/hgrc.5.txt
+++ b/doc/hgrc.5.txt
@@ -50,8 +50,9 @@ installed.
particular repository. This file is not version-controlled, and
will not get transferred during a "clone" operation. Options in
this file override options in all other configuration files.
- On Unix, this file is only read if it belongs to a trusted user
- or to a trusted group.
+ On Unix, most of this file will be ignored if it doesn't belong
+ to a trusted user or to a trusted group. See the documentation
+ for the trusted section below for more details.
SYNTAX
------
@@ -367,11 +368,16 @@ server::
data transfer overhead. Default is False.
trusted::
- Mercurial will only read the .hg/hgrc file from a repository if
- it belongs to a trusted user or to a trusted group. This section
- specifies what users and groups are trusted. The current user is
- always trusted. To trust everybody, list a user or a group with
- name "*".
+ For security reasons, Mercurial will not use the settings in
+ the .hg/hgrc file from a repository if it doesn't belong to a
+ trusted user or to a trusted group. The main exception is the
+ web interface, which automatically uses some safe settings, since
+ it's common to serve repositories from different users.
+
+ This section specifies what users and groups are trusted. The
+ current user is always trusted. To trust everybody, list a user
+ or a group with name "*".
+
users;;
Comma-separated list of trusted users.
groups;;