On Thu, Jul 06, 2017 at 04:03:11PM +0200, Enrico Forestieri wrote:
> On Wed, Jul 05, 2017 at 12:54:20AM -0400, Scott Kostyshak wrote:
> 
> > On Tue, Jun 27, 2017 at 09:26:30PM +0200, Enrico Forestieri wrote:
> > 
> > > I don't think that reverting is in discussion here
> > 
> > It is as long as even one LyX developer proposes it.
> 
> Ok. Then, I find it unfair not discussing the removal of needauth and
> of the dangerous converters (gnuplot/sweave/knitr) at the same time.
> They are the same from a security point of view and thus they have
> to go together.

I see your point.

> Trying to separate these issues is hypocritical and discriminatory.

I do not think it necessarily has to be hypocritical or discriminatory.
Hypocritical to me would mean that there's no reasonable argument why
one would be allowed and the other would not. Consider the following
potential rule:

  We should not introduce code that makes the next LyX version less
  secure than the previous version.

To me this is a reasonable criterion. I'm not saying it's the only one
and I'm not saying it's better than other criteria we could use instead,
but I believe it is *reasonable*. And because knitr and Sweave were in
previous releases, unless we believe that needauth decreases their
security, then it passes this criterion. If it is determined that
the work regarding shell-escape makes LyX less secure, then that work
would not pass the above criterion.

Consider the following philosophy instead:

  If we reject a patch that decreases security, we should remove all
  related functionality from LyX that suffers from that same security
  threat.

This also seems reasonable. I'm not going to make an argument about
which one is more reasonable. I'm just saying that both are reasonable
to me.

It is still not clear whether the majority of LyX developers think that
the shell-escape work decreases or increases security. I would prefer to
wait and see what the majority believe. If they believe that it would
decrease security, then I think that we should do as you suggest and
re-evaluate needauth and our decision to ship support for knitr and
Sweave.

Scott
