On 16 July 2017 at 22:45, Jean-Marc Lasgouttes <lasgout...@lyx.org> wrote:
> What I mean is that my absolute priority these days is to have 2.3.0 out. Fully understood. > The cleanups I proposed where chosen to have a minimal effect on release > date. Anything that requires too much thinking is a bit too much for me. > Currently minted and hyphen are blocking us, and we should work towards > solving this (even though these are touchy subjects). I just went through a large chunk of the minted postings and I still don't have a clear idea about my preference, and I'm therefore not sure what to write that'd contribute. I'm generally inclined towards security and backwards compatibility. Perhaps it's because I experienced a directed attack at a previous workplace. Or perhaps it's an occupational hazard from previously working with satellite software as e.g. verification and validation manager. But even for that SW we took into account if there was a urgent and necessary need for e.g. intermediate release, assuming we had a realistic plan for fixing issues in a coming release. For minted/hyphen, I'm e.g. not clear on the need for the features. The minted thing seems more optional, whereas the hyphen thing seems like a blocker. I haven't read the hyphen stuff yet, but my baseline is that I'd really hate it if I wasn't able to compile documents I wrote a long time ago. Security scenarios/threat models for minted could be expanded upon. I mean that these days it's not just about me creating and editing my own document, instead authors collaborate and share the documents via e-mail and Dropbox etc. Theoretically some agency could intercept the document in transit and inject malicious code that they hope you'll execute on your computer. Further, you might not be the direct target and instead its someone whose computer is on the same network as you. For instance, I've seen research papers from a swedish defence research institute written in LaTeX, or perhaps LyX, who knows. But if it was LyX then it could well be worth it for an adversary (Russia..) to compromise that author's computer. I'd better stop writing now. Cheers, Christian PS. Scott, if you see this, let me take the opportunity to praise your work as release manager -- you're doing an excellent job from what I've read! It's a shame you can't just setup a teleconference to discuss the issues. Jean-Marc, in the best of all worlds there'd be a developer meeting planned for the near future where these things could've been discussed face to face.
