On Tue, Aug 29, 2023 at 02:16:01PM +0200, Daniel wrote: > On 2023-08-29 13:16, Pavel Sanda wrote: > > On Mon, Aug 28, 2023 at 08:49:30PM -0400, Richard Kimberly Heck wrote: > > > > Options are, we postpone this for 2.4.1 as this is not fileformat > > > > change. > > > > If deemed too dangerous, we can temporarily disable the feature and > > > > enable > > > > it again with the safeguards, your call here. > > > > > > Can you remind me where all this stands? Was there a bug for this? > > > > Not bug, just the recent thread on ML. > > > > The situation as I see it: > > 1) There seems to be consesus that: > > - we should ask the user by dialog before launching a) hyperlinks b) > > citation urls from bib file c) lyxpaperview searches. > > - the dialog should have "don't ask me again" option remembered per > > file > > - the dialog should explicitly contain URL/link itself > > > > 2) There is hesitation whether to have general RC variable to disable the > > dialog above in general. > > > > 3) Either add security warning (tooltip?) to Control>Search drive for cited > > files > > or move the whole checkbox to Converters>Security and make it obvious > > that way > > The move itself makes more sense in case we go for 2 to group > > everything on one spot. > > > > > > The immediate security concern is covered by 1. > > 2 can be added later or never. 3 is disabled by default and hint can be > > added later as well. > > > > Pavel > > I am wondering whether the "don't ask me again" choice should be remembered > per document only for the current session. I think VC Code does this. Maybe > since across session settings seem to be tricky to undo. Does that make > sense?
From what I understand, you're saying that if I say "don't ask me again (for the current session)", when I open LyX it will then ask me again, right? This would be more strict, in a security sense. However, I would prefer for it to not be only for the current session. For me the question is really "do you trust this document?" and that won't usually change session to session, although to your point I can imagine some cases where it could. Good point also that it's not obvious how to undo. We can't expect a user to know where to find the session file and to remove the line. > Or would that be too annoying? In my opinion yes. I would just become desensitized to the dialog and I think it would in the end become less secure. Scott
signature.asc
Description: PGP signature
-- lyx-devel mailing list lyx-devel@lists.lyx.org http://lists.lyx.org/mailman/listinfo/lyx-devel
