Re: Silent/automatic execution of converter and needauth, concrete questions to clarify my understanding

Le 17/07/2017 à 23:53, Christian Ridderström a écrit : Hi, I've gotten lots of information from Enrico and Guillaume related to the security "gap", but I'd like to boil it down to simpler questions to make the situation clear to me. Assume that I've gotten a LyX document by e-mail. It was no

Silent/automatic execution of converter and needauth, concrete questions to clarify my understanding

Hi, I've gotten lots of information from Enrico and Guillaume related to the security "gap", but I'd like to boil it down to simpler questions to make the situation clear to me. Assume that I've gotten a LyX document by e-mail. It was not created by me, but let's say that the sender of the e-mail

Re: [LyX/master] Add some notes on forward/reverse search with evince.

Am Montag, den 17.07.2017, 16:03 +0200 schrieb Pavel Sanda: > FYI you have my full support to push those scripts into master and > even ship > it with tarball unless you fear copyright issues (3dparty dir could > be used > in such case). If evince worked with couple clicks only that would be > usef

Re: Options for resolving the minted + shell-escape issue

On 07/17/2017 06:30 AM, Enrico Forestieri wrote: > On Mon, Jul 17, 2017 at 07:03:09AM +0200, Guillaume MM wrote: > >> Le 17/07/2017 à 00:49, Christian Ridderström a écrit : >>> On 5 July 2017 at 06:59, Scott Kostyshak >> > wrote: >>> >>> Dear all, >>> >>> This is an

Re: [LyX/master] Add some notes on forward/reverse search with evince.

Juergen Spitzmueller wrote: > commit 272cb6b4648c879d7a58b87071e14b3904e3b6f4 > Author: Juergen Spitzmueller > Date: Mon Jul 17 10:26:43 2017 +0200 > > Add some notes on forward/reverse search with evince. > > Evince is a special case, since it provides f/r search not via command >

Re: [LyX/master] Update fr.po for beta

Jean-Marc Lasgouttes wrote: > Le 16/07/2017 ? 20:53, Scott Kostyshak a écrit : >> I don't have svn commit privileges. Also, I don't actually know how to >> use svn. > > Do you want svn privileges? Do you want to learn some y2k technology that > is not needed anymore? ;) > > Seriously, it is less m

Re: Options for resolving the minted + shell-escape issue

On Mon, Jul 17, 2017 at 02:10:44AM +0200, Christian Ridderström wrote: > > Regarding, Minted, which is an alternative to insert pretty program > listings in your document. > > At the moment it takes manual (typing) work to cause security issues in > connection with minted. > The "at the moment",

Re: Can shell-escape take advantage of needauth framework?

On Mon, Jul 17, 2017 at 07:14:07AM +0200, Guillaume MM wrote: > > But besides that I agree with your suggestions. Thanks again for > spending your time looking into this issue with so much care. Yes, it seems that Scott can be easily convinced by your constructed arguments. "There is a bomb unde

Re: Options for resolving the minted + shell-escape issue

On Mon, Jul 17, 2017 at 07:03:09AM +0200, Guillaume MM wrote: > Le 17/07/2017 à 00:49, Christian Ridderström a écrit : > > On 5 July 2017 at 06:59, Scott Kostyshak > > wrote: > > > > Dear all, > > > > This is an important topic since it involves security. I'd ap

Re: [LyX/master] Add some notes on forward/reverse search with evince.

Le 17/07/2017 à 10:29, Juergen Spitzmueller a écrit : commit 272cb6b4648c879d7a58b87071e14b3904e3b6f4 Author: Juergen Spitzmueller Date: Mon Jul 17 10:26:43 2017 +0200 Add some notes on forward/reverse search with evince. Evince is a special case, since it provides f/r search