Re: #10481: Hardening LyX against potential misuse

2016-12-12 Thread Tommaso Cucinotta
On 12/12/2016 12:04, Helge Hafting wrote: In the general case, make a script (or utility program) that runs the dangerous converter in a chroot, where nothing dangerous can be done. No need for questions then. LyX already puts the document files in a temp directory so the cleanup after a latex

Re: problems with quotes

2016-12-12 Thread Guenter Milde
Dear Jürgen, spacing/padding of French quotes is a wide field... On 2016-12-11, Jürgen Spitzmüller wrote: > Am Samstag, den 10.12.2016, 19:44 + schrieb Guenter Milde: >> More interestingly, it also put spaces between single guillemots! > Yes, sure. This is what polyglossia does as well

Re: Hardening LyX - AppArmor patch

2016-12-12 Thread Tommaso Cucinotta
On 12/12/2016 11:56, Jean-Marc Lasgouttes wrote: Le 12/12/2016 à 11:50, Guillaume Munch a écrit : AppArmor profiles are meant to be based on white lists instead of black lists. But I agree with you that writing a white list is going to be complicated, yes, that was the major issue:

Re: problems with quotes

2016-12-12 Thread Jürgen Spitzmüller
Am Montag, den 12.12.2016, 20:41 + schrieb Guenter Milde: > Would it also be possible to override the "open/close" automatism? > Currently, I have to  >   write something,  >   insert a quote,  >   go back and delete what was written,  >   go behind the quote again > if I want a closing quote

Re: problems with quotes

2016-12-12 Thread Jürgen Spitzmüller
Am Montag, den 12.12.2016, 22:12 + schrieb Guenter Milde: > Characters. Unfortunately, with LuaTeX it does this not only for > French, > but also English or German text --- I consider this a Polyglossia > bug. > >   English «is ‹fine›». >   French «‹is› fine» spaced as it should. >   English

Re: [LyX/master] Enable InsetQuote in verbatim and Hebrew

2016-12-12 Thread Jürgen Spitzmüller
2016-12-12 5:50 GMT+01:00 Scott Kostyshak : > I think this commit is causing the tex2lyx tests to fail. See Section > 2.3 of the Development manual for instructions on updating the tex2lyx > tests after a file format change. > Thanks for reminding me on that (I always forget

Re: #10481: Hardening LyX against potential misuse

2016-12-12 Thread Helge Hafting
I see a problem with this: Den 06. nov. 2016 20:57, skrev Tommaso Cucinotta: Converters marked with the new "needauth" option won't be run unless the user gives explicit authorization, which is asked on-demand when the converter is about to be run (question is not asked if the

Re: problems with quotes

2016-12-12 Thread Jürgen Spitzmüller
2016-12-12 12:01 GMT+01:00 Guenter Milde : > On 2016-12-11, Jürgen Spitzmüller wrote: > > >> As opposed to that, I would rather introduce a plain quote style and > >> ditch the straight quote special char > > Seconded. This could also solve the issue with the currently missing > straight single

Re: Hardening LyX - AppArmor patch

2016-12-12 Thread Guillaume Munch
Le 11/12/2016 à 01:16, Tommaso Cucinotta a écrit : Hi, please, find attached a rework of the AppArmor patch to harden/confine possible side effects of converters via an AppArmor profile on Linux. The major challenge here is to ship with a meaningful AA profile -- I'd be happy to hear feedback

Re: lyx2lyx warning/error in master

2016-12-12 Thread Jürgen Spitzmüller
2016-12-12 5:30 GMT+01:00 Scott Kostyshak : > The lyx2lyx ctests are failing for me. When exporting e.g. the English > User Guide I get: > > Warning: An error ocurred in 516, 0x7ff2eca5e398> > Traceback (most recent call last): > File

Re: Hardening LyX - AppArmor patch

2016-12-12 Thread Jean-Marc Lasgouttes
Le 12/12/2016 à 11:50, Guillaume Munch a écrit : Thank you for investigating this approach. I have seen that according to , AppArmor profiles are meant to be based on white lists instead of black lists.

Re: problems with quotes

2016-12-12 Thread Guenter Milde
On 2016-12-11, Jürgen Spitzmüller wrote: >> As opposed to that, I would rather introduce a plain quote style and >> ditch the straight quote special char Seconded. This could also solve the issue with the currently missing straight single quote/apostrophe. >> (and a language/style option

Re: [LyX/master] Enable InsetQuote in verbatim and Hebrew

2016-12-12 Thread Scott Kostyshak
On Mon, Dec 12, 2016 at 10:28:41AM +0100, Jürgen Spitzmüller wrote: > 2016-12-12 5:50 GMT+01:00 Scott Kostyshak : > > > I think this commit is causing the tex2lyx tests to fail. See Section > > 2.3 of the Development manual for instructions on updating the tex2lyx > > tests

Re: lyx2lyx warning/error in master

2016-12-12 Thread Scott Kostyshak
On Mon, Dec 12, 2016 at 10:50:01AM +0100, Jürgen Spitzmüller wrote: > Should be fixed now. Confirmed. Scott signature.asc Description: PGP signature

Re: #10481: Hardening LyX against potential misuse

2016-12-12 Thread Andrew Parsloe
On 13/12/2016 12:04 a.m., Helge Hafting wrote: I see a problem with this: Den 06. nov. 2016 20:57, skrev Tommaso Cucinotta: Converters marked with the new "needauth" option won't be run unless the user gives explicit authorization, which is asked on-demand when the converter

Re: problems with quotes

2016-12-12 Thread Guenter Milde
On 2016-12-12, Jürgen Spitzmüller wrote: >> >> As opposed to that, I would rather introduce a plain quote style and >> >> ditch the straight quote special char ... >> >> (and a language/style option "RequirePlainQuote"). >> Do we really require a separate option or could we just use the new >>