On Tue, Jul 18, 2017 at 11:21:38AM +0200, Jean-Marc Lasgouttes wrote: > Le 18/07/2017 à 09:07, Scott Kostyshak a écrit : > > I was thinking about it from a different angle. I was only focused on > > what I thought was most secure, without even considering usability. As I > > mentioned in the thread asking for votes, I believe that we should focus > > completely on what is the most secure. > > Well, what is the most secure is to remove all sweave/gnuplot/minted code. > There is no point in looking at security without usability IMO.
I see what you mean and I think most people would agree with your interpretation. I was taking the approach more of "under which proposal is the user least likely to run malicious code". In your scenario (let's remove all sweave/gnuplot/minted code), well sweave users would just never upgrade LyX and would lose any security-related improvements and would not have any of the protection that needauth provides. For minted users, they would have to do the '-shell-escape' dance and would have the risk of forgetting that they left a converter permanently changed. This is what I mean by "less secure". But I know that I'm thinking about things differently from others. I can understand the other perspective of security of "if a user uses only built-in LyX with no customizations, then they would be less likely to run malicious code". I just think the "if" in that statement is concerning. Scott
signature.asc
Description: PGP signature
