On Thu, Jul 27, 2017 at 04:09:56PM +0200, Guillaume MM wrote: > * One has to decide which suggestions are needed for 2.3 and which ones > can be implemented later.
Agreed. And the more immediate issue is which suggestions are needed before beta1. Conditional on LyX devs supporting something like the current patch, I'm fine with moving with the current state for beta. However, I would like to see a stronger vote of support before I conclude that LyX devs are indeed in favor of the approach (more on this in a separate email). > * Having to use -shell-escape for running Pygments. Yes, and if we go the way of the patch, I don't think any other improvements (e.g. post-beta1) will be made to address this, until perhaps 2.4.0 if the Github issues is addressed. > I would also be more comfortable if somebody takes responsibility for > any patch that is to be committed, given that the author has said that > they do not endorse it. Fair point. My goal with the vote was to collectively take responsibility, since this is an important patch and involves security. But I feel that most people are just tired of the debate and are hoping too much to move forward that they have not taken a deep look. As for my personal opinion, I keep coming back to "I think this improves security" (as I perceive the word, explained at [1]). I'm not *sure* that it improves security, but all I can do is go with my best guess (taking into account of course, that we are almost at beta stage). If I am wrong and we end up shipping a LyX version that it turns out is less secure, I will certainly blame myself. More important to me is that we interpret "take responsibility" in a different way. Enrico, if we decide to go forward with something like the latest patch, will you be around in the next couple of months and willing to make potential updates and fixes? If not, we will need to see if anyone else can task responsibility for making potential fixes post-beta pre-final. Thanks to everyone for all of their time on this issue. Scott [1] https://www.mail-archive.com/search?l=mid&q=20170721201254.hvh6jrbc3yrjxqr7%40steph
signature.asc
Description: PGP signature