On Wed, Jul 19, 2017 at 11:06:54AM +0200, Pavel Sanda wrote: > and > if the argument really is that I can trick someone into unchecking > whatever I want, then I can directly trick him into writing rm -rf / > on the commandline.
Good point. I guess we try to limit the number of ways a user can be tricked, even if each way is on average just as easy to convince users to do. Similarly, without needauth we can still trick the user into adding -shell-escape manually to the converter and running a particular document. Scott
signature.asc
Description: PGP signature
