On Tue, 2007-16-01 at 21:50 +0200, Uri David Akavia wrote: > On 1/16/07, Leonard Mada <[EMAIL PROTECTED]> wrote: > > > > gawk has many advantages and I may point another two: > > - it is easy and simple, and very very fast (both to write and execute - > > even on huge datasets) > > - the code is structured and visible, so it is easy to understand what > > it does (this is NOT always the case when you write complex formulas in > > the spreadsheet) > > > > I hope these are enough reasons to implement a simple menu-entry in > > gnumeric that runs awk/gawk scripts. > > I hope they aren't. > While these are good reasons, they don't seem good enough. Currently, I > haven't > heard of a proposed method that would actually have some security limitations. > > In order to keep security, you would need to write a gawk plugin for > Gnumeric, that can run a limited version of gawk. Otherwise, you're > running arbitrary scripts, without any limitations. While this might > be convenient for you, I don't see an argument that it would be good > in general. > > I hope that the developers implement this the RIGHT way, if they > implement something like this at all.
I am not sure about your computer but on mine I can open a terminal window and run lots of different programs, most of them able to demolish my home directory and other things. I like it that way. As a user I am entitled to be able to demolish my stuff. Now if we were talking about macros that can run automatically, or function that can be recalculated automatically, I would worry about security implications. But a plugin that allows us to feed some portion of a sheet to an external command and insert the output somewhere else would be under control of the user. So if the user chooses to use dangerous scripts, s/he is entitled to do that. We don't prohibit overwriting of files from within Gnumeric since the user has to approve those actions. Similarly we should let them run anything they like as long as they have to invoke it manually. Andreas -- Andreas J. Guelzow, Professor Dept. of Mathematical & Computing Sciences Concordia University College of Alberta _______________________________________________ gnumeric-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnumeric-list
