> safe', he was not able to provide any solid example that demonstrates > any potential security issue with putting filepath + filename + file > content in a .lyx file.
very easy to provide. in linux you usually have files in your home directory. once you put your the whole filepath it contains your username. now this is 50% of success in case you want to assault some machine via some dictionary attack, because you already know some username which is to be attacked. > To ease the concern of JMarc and Jose, I am willing to introduce an > option 'keep embedded files anonymous' in BufferParams. This is easy which should be 'on' by default. > response from Edwin and JMarc. If you have persuasive arguments > against this approach, please speak out NOW (e.g. within the next few > days). Otherwise, I will work on this feature and there will be no way > to stop it later. Bo, you already know there is a way to stop it ;) please don't invest too much time unless there is general agreement this is the way to go. As we have particularly bad experience about this issue it may be even good to have some general "conclusion" mail on the approach which the intersted people you listed agreed upon. Better to flame some more weeks than to revert some work again. pavel
