On 2017-07-19, Richard Heck wrote:
> On 07/19/2017 01:48 AM, Christian Ridderström wrote:
>> On 18 July 2017 at 23:49, Jean-Marc Lasgouttes <lasgout...@lyx.org> wrote:
>>     Le 18/07/2017 à 23:42, Christian Ridderström a écrit :

>>         I think the default should be secure, and that the user should
>>         have to do something actively to go into a dangerous mode.


>>     Well, since you consider that turning off two options is not
>>     active enough, I am not sure what to propose :)


>> The problem I see with only unchecking two check boxes is e.g.:
>> - Users uncheck settings all the time, it doesn't seem very "scary"
>> - In the settings dialog, the real implications of unchecking these
>>   options did not seem sufficiently clear to me.
>>   So calling it "Allow yourself to be shot in the foot by converters"
>>   would help ;-)
>> - The setting is persistent, and easily forgotten

> This, I believe, was part of what was addressed by Enrico's patch. Or
> the idea behind it.

Enrico's patch did not touch "needauth" but has some nice features for
"shell-escape": it addressed the "set and forget" issue by

a) adding a red icon to the status bar if a document has the "allow
   shell-escape" flag.
  
b) revoking the permission, if the document is moved/copied to another
   location.
  
I like the approach, especially b) seems a good compromise between user
comfort and security.

  
From a user perspective, a common interface to "needauth" and "allow
shell escape" seems the best. "needauth" could actually take advantage of
Enrico's patch.

Some ideas:

* Add "unsafe pdflatex" (== pdflatex --shell-escape) and "unsafe xelatex"
  as new converters requiring "needauth".

* Allow per-converter permission settings (instead of one generic: "I
  trust/don't trust all unsafe converters").

* Clicking the red icon should take you to the dialogue that allows you to
  revoke the unsafe permission.
  
* Give users the possibility to check scripts before allowing them to run
  with shell-escape, or at least list all parts of the document that will be
  allowed to run in unsafe mode
  (e.g. all gnuplot scripts for "gnuplot allowed"; all ERT, preamble,
  document classes and packages for latex with shell escape).


Günter

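The ideas in the message above (per-converter "needauth" permission instead of one global switch, a grant that is tied to the document's location and lapses when the file is moved or copied, a list of active unsafe grants to feed a revoke dialogue, and "unsafe pdflatex" as a converter wrapping `pdflatex --shell-escape`) as one illustrative sketch. This is an added example written for this page; it is not LyX code and not Enrico's patch. The class and function names, the converter table and the sample document paths are invented, and keying a grant on the document path is an assumption about how "revoke on move" could be implemented, not a description of how LyX does it.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical converter record (not LyX's own data structure):
// a converter that "needauth" may only run on a document after the user
// has explicitly granted it for that document.
struct Converter {
    std::string name;     // e.g. "unsafe pdflatex"
    std::string command;  // e.g. "pdflatex --shell-escape"
    bool needauth;        // true: requires a per-document grant
};

class ConverterAuth {
public:
    void registerConverter(const Converter& c) { converters_[c.name] = c; }

    // Deny by default: unknown converters and unsafe converters without a
    // grant for exactly this document path may not run.
    bool allowed(const std::string& conv, const std::string& docPath) const {
        auto it = converters_.find(conv);
        if (it == converters_.end()) return false;
        if (!it->second.needauth) return true;
        return grants_.count(std::make_pair(conv, docPath)) > 0;
    }

    // Record the user's decision for one converter on one document.
    // Returns false if there is nothing to grant (unknown or safe converter).
    bool grant(const std::string& conv, const std::string& docPath) {
        auto it = converters_.find(conv);
        if (it == converters_.end() || !it->second.needauth) return false;
        grants_.insert(std::make_pair(conv, docPath));
        return true;
    }

    void revoke(const std::string& conv, const std::string& docPath) {
        grants_.erase(std::make_pair(conv, docPath));
    }

    // Active unsafe grants for a document: non-empty means "show the red
    // icon", and the list is what a revoke dialogue would display.
    std::vector<std::string> unsafeGrants(const std::string& docPath) const {
        std::vector<std::string> out;
        for (const auto& g : grants_)
            if (g.second == docPath) out.push_back(g.first);
        return out;
    }

    // The command line that would be executed, or "" if the converter is
    // not permitted for this document right now.
    std::string commandFor(const std::string& conv, const std::string& docPath) const {
        if (!allowed(conv, docPath)) return "";
        return converters_.at(conv).command;
    }

private:
    std::map<std::string, Converter> converters_;
    std::set<std::pair<std::string, std::string>> grants_;  // (converter, document path)
};

int main() {
    ConverterAuth auth;
    auth.registerConverter({"pdflatex", "pdflatex", false});
    auth.registerConverter({"unsafe pdflatex", "pdflatex --shell-escape", true});
    auth.registerConverter({"gnuplot", "gnuplot", true});

    const std::string doc = "/home/user/thesis.lyx";   // constructed sample path
    const std::string moved = "/tmp/thesis.lyx";       // same file after a copy

    auth.grant("unsafe pdflatex", doc);
    std::cout << "unsafe pdflatex on original: " << auth.commandFor("unsafe pdflatex", doc) << "\n";
    std::cout << "gnuplot on original allowed: " << auth.allowed("gnuplot", doc) << "\n";
    std::cout << "unsafe pdflatex after move:  '" << auth.commandFor("unsafe pdflatex", moved) << "'\n";
    return 0;
}
```

Trusting "unsafe pdflatex" for one document does not make "gnuplot" (or any other needauth converter) runnable on it, and the grant evaporates as soon as the document is addressed under a different path, which is the behaviour the message attributes to Enrico's patch for the shell-escape flag.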