> Sent: Tuesday, May 11, 2021 at 6:35 PM
> From: "Dr. Arne Babenhauserheide" <arne_...@web.de>
> To: "Tim Cross" <theophil...@gmail.com>
> Cc: emacs-orgmode@gnu.org
> Subject: Re: The fate of ditaa.jar (9.4.5.)
>
>
> Tim Cross <theophil...@gmail.com> writes:
> > I agree. As pointed out already, just bundling the jar file is not
> > sufficient as you need a java runtime as well.
>
> Java is available in my distribution, ditaa is not. Removing ditaa from
> org means that I have to do manual installation and configuration, while
> with ditaa bundled, org-mode can simply note that I need java installed.
>
> > If we bundle it, we also need to ensure it is updated if/when new jar
> > versions are released.
>
> We can do that, but we don’t have to. As long as the bundled jar works,
> it is much better than no jar. And users can use a newer version as they
> like by changing the jar-path.

A jar that works would be good as an initial setup; then people can change that as they wish.

> Note that this isn’t about security, since even if an old version of
> ditaa should turn out to be vulnerable, this would still be less
> dangerous than a shell-block. Therefore old versions of ditaa are
> completely fine.
>
> Best wishes,
> Arne
> --
> Being apolitical
> means being political
> without noticing it
>