On Fri, Jul 21, 2017 at 04:29:04PM -0400, Scott Kostyshak wrote:

> On Thu, Jul 20, 2017 at 07:04:56PM +0200, Guillaume MM wrote:
> > On 19/07/2017 at 16:59, Richard Heck wrote:
> > > On 07/19/2017 02:22 AM, Christian Ridderström wrote:
> > > > Hi,
> > > > 
> > > > When having tried to contribute to the discussion on needauth and
> > > > shell-escape I've felt that it's quite difficult to get a good picture
> > > > of things like:
> > > > - Goals of design, what are we trying to achieve
> > > > - Principle of design and system
> > > > - Assumed threat models, and perhaps list threat scenarios we _don't_
> > > > try to protect against
> > > > 
> > > > The e-mail threads are ... long, sometimes confusing and I suspect
> > > > contain at least a few misunderstandings.  So I would like to ask
> > > > (not being optimistic), if there's some design description anywhere?
> > > 
> > > No, as usual, there is not. The needauth mechanism was developed by
> > > Tommaso in response
> > > to security worries about certain sorts of converters, e.g., the ones
> > > for R and related worries
> > > about the use of gnuplot. (It may have been the latter that got him
> > > interested.) Once that was on
> > > board, Enrico decided to employ at least a somewhat similar mechanism to
> > > support minted.sty,
> > > and for whatever reason, that set off alarm bells which, in retrospect,
> > > should have gone off
> > > earlier. So we find ourselves in the middle of things.
> > > 
> > > Richard
> > > 
> > > 
> > 
> > Yes Richard, (smaller) alarm bells could have gone off a month earlier
> > if I had paid attention to the gnuplot discussion. They went off when
> > Scott explicitly asked about extending the use of needauth, and it did
> > not seem to have changed the course of things.
> > 
> > For 2.3 Scott chose to ask "what can we do for LyX to be the safest?"
> > rather than the obvious solution to get beta out. I find it reasonable
> > and a worthwhile time investment.
> 
> I think the above summaries by Richard and Guillaume are accurate.

Please note that I did not even think about adding support for shell
escape for the sake of minted. In my view, the minted support was ready
as it is now.

-- 
Enrico
