On Sun, Jun 25, 2017 at 02:54:29PM +0200, Jürgen Spitzmüller wrote: > Am Sonntag, den 25.06.2017, 13:53 +0200 schrieb Guillaume MM: > > > While I believe that the question of providing the package most > > > popular > > > at a certain point in time vs. a good enough implementation is > > > secondary > > > to security implications, I also inquired at > > > <https://github.com/gpoore/minted/issues/166> whether it would be > > > hard > > > to implement 3-step compilation in minted.sty. > > > > > > > A quick update: there is now a reply on the ticket above. In addition > > I > > received the following reply from the author of minted.sty. > > Thanks for bringing this to Geoffrey's attention!
Judging by the comments of gpoore, we do not want to wait for this for 2.3.0. But this does affect the discussion of what to do for 2.3.0, since we might not want to introduce a workflow in 2.3.0 that we will change soon after. But regardless of what we decide to do about minted specifically, there is still the open question of what to do with other .lyx files that require -shell-escape. I don't think we ship any besides the newly added minted ones, but it might be relevant to whether we make it easy to temporarily add the -shell-escape or whether we want to make it hard (to discourage it), with the consequence that the user might forget to remove it. Once we answer this question in general, then we can decide what to do with minted. If the answer to the general question is "yes, let's make it easy so that the user is not encouraged to permanently change a converter that they might forget about", then from what I understand, Enrico has proposed a patch that does that so it is straight-forward to move on: we can use that approach for minted for 2.3.0, and when the github issues is fixed, then we can transition to a safer approach (but I suppose it will depend on what version of minted the user has?). If the answer to the general question is "no, let's make it hard so that the user is discouarged from adding -shell-escape without thinking about it", then from what I understand, we do not make any changes to the current state of master (i.e. we do not apply the patch proposed by Enrico), but we still ship minted support as it is currently implemented. I'm sure I got something wrong in my attempt to summarize the situation and figure out what we must decide on, so can someone correct me and add more details? Please do so without adding your opinion on what we *should* do. I just want to know the potential options out there. Does everyone agree that the general question (of "make it easy or hard for user to add -shell-escape") is important and must be addressed before 2.3.0beta1, or did I miss something? Scott
signature.asc
Description: PGP signature
