> > > safe', he was not able to provide any solid example that demonstrates > > > any potential security issue with putting filepath + filename + file > > > content in a .lyx file. > > > > very easy to provide. in linux you usually have files in your home > > directory. > > once you put your the whole filepath it contains your username. now this > > is 50% > > of success in case you want to assault some machine via some dictionary > > attack, > > because you already know some username which is to be attacked. > > The inclusion of filepath in .lyx file has always been allowed, and > will continue to be allowed. In another word, this is not a problem > with embedding, but a general problem with using external files. It > would be nice if embedding can help address this problem, but there is > nothing wrong if it cannot.
at least it shouldn't worse the situation. when i put reference to some file which is within the same directory no file path is written. if its problem to address in the anonymous way you have written before, probably some warning dialog before saving could be one way how to 'address' it. > patches and asked for opinions. After almost a year, when the feature > was implemented, people started to realized that they did not like the > design and provided a bunch of alternatives. This will not happen > again. i'm not happy to say it, but it can happen again. there are always things which are not clear when only proposal is given. so basically no "Period." exists. > That is to say, I will give you guys a limited time frame within which > you can express your opinions. i feel some kind of threat within you responses. maybe taking some free time from embedding stuff will help to relax from us guys :) > 1. If you disagree with basic design, you can vote against it. > 2. If you dislike certain part of the design, please object with > reasons and suggest alternatives within this framework. > 3. If you like the idea, please vote for it. yes, it maybe good idea to make some voting about embeding proposals once the details are flamed. pavel
