The reason for this is simple: a hook is a completely arbitrary piece of executable code.
It runs under your user identity, with your privilege level, on your machine.
Now you can add a Power Shell build step to your v Next build, calling the Power Shell script and passing the VSTS Username and Password.
You should document the hooks you expect people to use.
In a corporate intranet, this is somewhat easier to control, as you can for example provide a “Mercurial allows you to override a hook definition by redefining the hook.
You can disable it by setting its value to the empty string, or change its behavior as you wish.
If you deploy a system- or site-wide Sometimes you may want to enforce a policy that you do not want others to be able to work around.
As you can see, you can run an arbitrary shell command in a hook.
Mercurial passes extra information to the hook using environment variables (look for event occurs.In some cases, you can even control Mercurial's response to those events.The name Mercurial uses for one of these actions is a Here is a brief list of the hooks that Mercurial supports.Since hooks are arbitrary pieces of executable code, you should treat them with an appropriate level of suspicion.Do not install a hook unless you are confident that you know who created it and what it does.Set up a restricted-access account; users can push changes over the network to repositories managed by this account, but they cannot log into the account and run normal shell commands.