Le 01/08/2017 à 10:50, Scott Kostyshak a écrit :
On Mon, Jul 31, 2017 at 09:07:11PM +0200, Guillaume MM wrote:
I am sure that Scott meant to include in some way the option that I have
been advocating constantly from the beginning, which I understand is
probably 1. (Otherwise, I do not see what the option 1. refers to nor
who proposed it, and I would opt for not taking part in the vote.)
Yes my intention was to represent your opinion in a simplified way. I'm
sorry to have failed that. You will have an opportunity to write your
own option for the next vote (see separate email).
Hi Scott,
That's alright, I think my opinion was represented well enough. Patch
0002 was disabling minted as per 1., and patches 0001 and 0003 at
<https://www.mail-archive.com/lyx-devel@lists.lyx.org/msg201383.html>
answer your more general question "how can we make LyX the most secure
for 2.3?". One can see it like that. 0001 takes various comments that
have been made about Enrico's patch by various people into account and
0003 fixes a small display issue. It just misses for now the enabling of
shell-escape via the improved needauth mechanism but this looks simple
enough to do, and after that it can be proposed as an improvement to
Enrico's mechanism.
The first thing we will remember about your handling of this discussion
is your commitment of rationality. Please do not let Enrico's new
attacks affect you.
Guillaume
