On Tue, Jul 18, 2017 at 05:03:52PM +0200, Pavel Sanda wrote: > > After reading all the thread now, would you call the position below > hypocritical? > > 1. I do not like needauth mechanism much, but I don't see better way how to > allow advanced users to work with knitr/gnuplot without too much hassle.
Note that users can define their own dangerous converters and cannot be stopped from doing that. The issue is that these converters are offered by LyX itself. People can copy the converters from 2.2 without too much hassle. The hypocrisy I was referring to is wanting to justify the presence of such dangerous converters and at the same time asking to revert a feature which is not insecure by itself. > 2. We want minted support. New implementation does not work out of the box, > and if we want it working & secure we need extend needauth more broadly > into the code. I have to disagree. It works out of the box and the user has only to know what to do for using it. This is not a problem nowadays, because you can use google to find web pages that explain in detail and with images what has to be done. With the support offered by LyX it is simply not necessary anymore using ERT. So, I don't see why this can be a problem. > If there was no other way, it would be indeed unfair to use needauth > unilateraly (that's your 'hypocrisy' argument if I get it right), but there > seems to be pretty good chance that minted maintainer will solve the issue > within couple months, which gives two other possible ways for ppl uneasy > with needauth: > a) return back to 2.2 behaviour and wait until maintainer of minted > let us call pygments directly and introduce it in the next cycle. > b) have minted & needauth, but drop it once we can (and I would propose > the same thing for knitr/gnuplot if it ever becomes possible). > > I can't read other people minds to speculate about their inner intensions, > but to feel uneasiness about needauth-machinery creepism into the code > seems valid reasoning from my perspective. Now I don't care anymore. Do whatever you want. -- Enrico
