Le 18/07/2017 à 23:24, Christian Ridderström a écrit :
The threat model is one important aspect, but it's difficult for us to
know who uses LyX and in which industries. Or how many users there are
at all. And how many of them that use converters. If we can achieve
good security we don't need to care about user / usage statistics though.
If we talk principles, I think we should aim for really good security
and then discuss compromises for what's not doable. But I do think we
could do a whole lot better than the current 'needauth'.
As I wrote privately, we could have a page describing how to make LyX
secure. Or even provide a compilation flag that removes dangerous features:
- disable needauth files
- somewhat limit what is read from the user directory to the bare minimum.
JMarc
