On 08/01/2017 07:13 PM, Christian Ridderström wrote: > On 1 August 2017 at 21:24, Richard Heck <rgh...@lyx.org > <mailto:rgh...@lyx.org>> wrote: > > Hi Richard, > > It sounds like you complain about the time spent on discussing what I > assume is not just the minted patch but safety/security in general. > However, regarding spending to much time discussing safety, I can't > help but think about LyX 2.2 where something was obviously missing in > terms of safety. > That leads me to conclude that something was missing, or went awry, in > the development process of LyX 2.2. This, combined with you advocating > > "... spend our time figuring how to make the needauth > and shell-escape stuff as secure > as we can make it, given the present framework" > > makes me a little concerned. > > It sounds like you argue for a release of 2.3 regardless of the > absolute achieved level of safety, because: > a) we've anyway done all that can be done using the needauth framework. > b) it's anyway better than LyX 2.2. > > Would you mind clarifying your point of view?
No, I don't mean to complain about our discussing this in such detail. Such discussions are tremendously important, since security issues are tremendously important. I simply meant to point out that we *have* discussed this in great detail. At some point we have to make a decision. We could continue discussing the general issue---and the wiki page, etc, that you've created are a good step in that direction---but the overall view recently has been that the present discussion was not changing anyone's mind. It was just getting people upset. Since we have had to take a vote, we know it's a decision with which not everyone will be happy. But once a decision has been made, we need to do our best, *as a team*, to implement the decision that was made as best we can. Continuing to discuss the question that's already been decided, by rare vote, is not productive. That said, it does matter to me that the needauth framework, so far as I can see, makes things *better* than they were in LyX 2.2. LyX 2.3, in my opinion, will be *more secure* than LyX 2.2 was. If I thought that security was being *reduced*, that would be an entirely different matter. I'm sure it's true that we could, in principle, do even better. That is why it's not unreasonable to continue this discussion on a somewhat different level. People who have the expertise to design a new solution, and then to implement it, whether via AppArmor or whatever, should feel free to make it a priority for 2.4 and create a feature branch for it. (I'm guessing this would involve format changes.) Maybe that would even be a reason to do an early release of 2.4. I don't mean to be pre-judging that. Richard
