Re: Build failed in Jenkins: Build branch "master" » ubuntu-xenial-qt4-autotools-extended #794

On Wed, 28 Feb 2018 at 20:27, Richard Heck wrote: > On 02/28/2018 01:25 PM, ci-...@inria.fr wrote: > > > https://ci.inria.fr/lyx/job/build-master-head/job/ubuntu-xenial-qt4-autotools-extended/794/-- > > Started by an SCM change > > Building

Re: CI job: Check author email in commit log

in builds failing. I've logged in an deleted old jobs freeing up 20-30 GB. So the CI nodes should work again. On 21 August 2017 at 03:31, Scott Kostyshak <skost...@lyx.org> wrote: > On Sun, Aug 20, 2017 at 07:20:56PM +0200, Christian Ridderström wrote: > > Hi, > > &

Re: 404 on manuals on lyx.org

Tommaso Cucinotta <tomm...@lyx.org> writes: > On 20/08/2017 20:20, Christian Ridderström wrote: >> - Perhaps write out English, Español etc in the headings > > I made an attempt to rotate the text, to keep the table compact, via > CSS attributes, but the rotated one d

Re: numbers/ids of posts on mail-archive.com vs. gmane.org?

Scott Kostyshak writes: > On Mon, Aug 07, 2017 at 11:49:19AM +0200, Pavel Sanda wrote: >> Scott Kostyshak wrote: >> > When I'm reading email in mutt, all I do is press a shortcut (I use [ma for >> > "mail archive"), and it copies the above link to my clipboard so I can >> >

Re: How to access the list efficiently? Re: Long threads? / list etiquette?

Guenter Milde <mi...@users.sf.net> writes: > On 2017-08-21, Pavel Sanda wrote: >> Christian Ridderström wrote: >>> * But then I stumbled upon a still running news service for the lists. >>> Possibly this is related to the old 'gm

Re: numbers/ids of posts on mail-archive.com vs. gmane.org?

Christian Ridderström <c...@lyx.org> writes: > Hi, > > The wiki has "InterLinks", which is simply a convenient way to refer > to certain web pages. For instance, this markup > > bug:10481 > > is automatically converted into this link > http://www.lyx.or

Re: Changes to git branches, regarding 2.3.0 development

Scott Kostyshak <skost...@lyx.org> writes: > On Sun, Aug 20, 2017 at 03:45:11PM +0200, Christian Ridderström wrote: > >> FYI, the CI jobs are testing branch 'master', so as it is we don't have >> automatic testing of changes to branch '2.3.x'. > > OK thanks for the w

Re: How to access the list efficiently? Re: Long threads? / list etiquette?

Scott Kostyshak <skost...@lyx.org> writes: > On Fri, Aug 04, 2017 at 08:22:40AM +0200, Christian Ridderström wrote: >> On 2 August 2017 at 10:03, Scott Kostyshak <skost...@lyx.org> wrote: >> >> This worked well, and the drawback was mainly when people posted in

Re: How to access the list efficiently? Re: Long threads? / list etiquette?

"Paul A. Rubin" <parubi...@gmail.com> writes: > On 08/04/2017 10:02 PM, Scott Kostyshak wrote: >> On Fri, Aug 04, 2017 at 08:22:40AM +0200, Christian Ridderström wrote: >>> On 2 August 2017 at 10:03, Scott Kostyshak <skost...@lyx.org> wrote: >>

Re: remove upload link from wiki?

Scott Kostyshak writes: > It doesn't seem like it's going to be fixed soon. Is it possible just > to remove the link? The wiki page http://wiki.lyx.org/Site/PageActions defines the meaning of the links at the top right side of a page. I've repointed the link "Upload" to

Re: wiki - Category link pages

Tommaso Cucinotta writes: > Hi, > > I took some time to clean-up the empty template that was annoyingly showing > up when clicking on the bottom category link of each wiki page, namely: > > " summary/description of the page and it's purpose. It could be something like: > How

Re: [LyX/master] oops, git is playing games with me.

Pavel Sanda writes: > The way I can comfortably push this tree onto web server will make > it pages of it's own so pmwiki format is of no help. > > If you want to make part of wiki the only reasonable way I see is > to cooperate with Christian to create some sort of ftp/scp

Re: 404 on manuals on lyx.org

Tommaso Cucinotta writes: > On 15/08/2017 22:11, Uwe Stöhr wrote: >> So fine with me if you change the order. > > done. Also, I gave a try to pmwiki tables, to get to a more compact form: > > http://wiki.lyx.org/LyX/Manuals2 The table looks nice to me. Some minor thoughts: -

CI job generating PDFs? Was: 404 on manuals on lyx.org

Guenter Milde <mi...@users.sf.net> writes: > On 2017-08-11, Christian Ridderström wrote: >> On 11 August 2017 at 13:03, Pavel Sanda <sa...@lyx.org> wrote: >>> Christian Ridderström wrote: > >>> > [*] It might make sense to have a CI job that builds

CI job: Check author email in commit log

Hi, FYI, I've set up this CI job https://ci.inria.fr/lyx/job/support/job/Check-author-email-in-commit-log/ that once a week checks the git log for commits where the author's e-mail does not say it's from @lyx.org. Rationale: Help us catch commits for which we wouldn't automatically be

Tip: Use shellcheck to do static analysis of sh and bash scripts

Hi, Just sharing a tip for when you write sh or bash scripts. Use a static analysis tool like 'shellcheck' on the scripts. https://www.shellcheck.net/ Readme at GitHub has more examples and details: https://github.com/koalaman/shellcheck I would recommend that you run it on scripts you

Re: 404 on manuals on lyx.org

Pavel Sanda writes: > Yes, I will try to push our xhtml output to the web during next week or > two so more ppl can check the output with their own eyes. > I guess many of the bugs will rather easy-fix business. Where/which URL(s) and with what kind of structure did you intend to

Re: 404 on manuals on lyx.org

Uwe Stöhr <uwesto...@lyx.org> writes: > El 11.08.2017 a las 08:35, Christian Ridderström escribió: > >> I can't do an anonymous login to ftp://ftp.lyx.de. Uwe wrote: > I'll try to repair it later today. I just tested and I still cannot do anonymous login to ftp://ftp.lyx.d

FTP service on regular LyX server (Was: 404 on manuals on lyx.org)

Uwe Stöhr writes: >> With our release frequency, it shouldn't be a problem to manually [*] >> update PDFs and upload the official manuals. > > I only used ft.lyx.de because I could not upload files anymore to > wiki.lyx.org. Is this now again possible? Hi Uwe, Yes, there's

Re: Changes to git branches, regarding 2.3.0 development

Scott Kostyshak writes: > Please read the recent email I sent regarding branching 2.3.x [1]. I > have branched and pushed the 2.3.x branch. > > 2.3.x will become 2.3.0, so if you are confident a commit belongs in > 2.3.0, please go ahead and push to 2.3.x. FYI, the CI jobs are

Re: Require C++11 for 2.3?

Stephan Witt writes: > Am 16.08.2017 um 10:47 schrieb Jean-Marc Lasgouttes : >> Le 16 août 2017 02:51:44 GMT+02:00, c...@lyx.org a écrit : >> >>> Did this happen, i.e. requiring C++11? >>> /Christian >> >> We require something close enough to c++11, the

Re: Require C++11 for 2.3?

Jean-Marc Lasgouttes writes: > Le 03/06/2016 à 07:24, Scott Kostyshak a écrit : >> Dear all, >> >> Are we going to require C++11 starting with LyX 2.3.0? From what I >> understand, this will make several things easier. > > Hello Scott, > > Yes, that's the plan. Did this

Re: News interface for the developers' list?

On 13 August 2017 at 15:59, Christian Ridderström <c...@lyx.org> wrote: > Hi, > > Some years ago lyx-devel could be accessed via a news-like interface > through gmane. Gmane seems to have gone "belly up" since quite some > time. > > Is there some oth

News interface for the developers' list?

Hi, Some years ago lyx-devel could be accessed via a news-like interface through gmane. Gmane seems to have gone "belly up" since quite some time. Is there some other news interface? /Christian

Re: 404 on manuals on lyx.org

On 11 August 2017 at 13:03, Pavel Sanda <sa...@lyx.org> wrote: > Christian Ridderström wrote: > > I agree HTML pages online would be nice. > > Not sure if our manuals can (in a nice way) just be exported as HTML > though. > > Last time I tried (around 2009 and

Re: 404 on manuals on lyx.org

On 11 August 2017 at 08:35, Christian Ridderström <c...@lyx.org> wrote: > On 8 August 2017 at 18:28, Tommaso Cucinotta <tomm...@lyx.org> wrote: > >> I just noticed these broken links >> >> http://wiki.lyx.org/LyX/Manuals#download >> http://ftp

What/how are converters triggered?

Hi, Do we have a description somewhere, perhaps in the source, as to what and how the different converters are triggered? How are files found for which converters are to be triggered? 1) File referenced by graphics insets 2) All files in certain locations 3) ? How is the type of the file

Re: LyX manuals online?

On 11 August 2017 at 00:41, Tommaso Cucinotta <tomm...@lyx.org> wrote: > On 10/08/2017 22:27, Christian Ridderström wrote: > >> Do we have the LyX manuals online, either as PDF or web pages? >> > > I just asked this as well, which I guess provides a partial reply

Re: 404 on manuals on lyx.org

On 8 August 2017 at 18:28, Tommaso Cucinotta wrote: > I just noticed these broken links > > http://wiki.lyx.org/LyX/Manuals#download > http://ftp.lyx.de/Documentation/en/Customization.lyx > http://ftp.lyx.de/Documentation/en/Customization.pdf > > guess they're all broken.

Re: Can postscript code be embedded in a LyX document?

On 10 August 2017 at 11:02, Tommaso Cucinotta wrote: > On 09/08/2017 09:05, Guenter Milde wrote: > >> For EPS to PDF this means we could preferably use "repstopdf" instead of >> "epstopdf". >> >>"repstopdf" is the version "whitelisted" in texmf.cnf for use with the >>

Re: numbers/ids of posts on mail-archive.com vs. gmane.org?

On 7 August 2017 at 04:53, Scott Kostyshak <skost...@lyx.org> wrote: > On Sun, Aug 06, 2017 at 11:27:16PM +0200, Christian Ridderström wrote: > > Hi, > > > > The wiki has "InterLinks", which is simply a convenient way to refer to > > certa

LyX manuals online?

Hi, Do we have the LyX manuals online, either as PDF or web pages? If not, how come? /Christian

numbers/ids of posts on mail-archive.com vs. gmane.org?

Hi, The wiki has "InterLinks", which is simply a convenient way to refer to certain web pages. For instance, this markup bug:10481 is automatically converted into this link http://www.lyx.org/trac/ticket/10481. Similarly, there's prefixes like LyxDevelPost and LyxUsersPost which were used

Can postscript code be embedded in a LyX document?

Hi, Q1: Can postscript (PS) code be embedded in a LyX document in such a way such that it's parsed when doing a preview, or exporting a document? Q2: Can PS code only be included by embedding a graphics inset referencing e.g. a .ps-file? Q3: Would the PS code, in e.g. an external file, be

Re: Ad a section in the wiki page about LaTeX safety

On 2 August 2017 at 09:30, Jean-Pierre Chrétien wrote: > Hello, > > Following Christian's suggestion, I've added a section about the subject > > http://wiki.lyx.org/Devel/SafetyAndSecurity#toc2 > > Is it useful/appropriate? > Thanks for adding it. I read it and it

Re: Ad a section in the wiki page about LaTeX safety

On 2 August 2017 at 09:38, Jean-Pierre Chrétien wrote: > Le 02/08/2017 à 09:30, Jean-Pierre Chrétien a écrit : > >> Hello, >> >> Following Christian's suggestion, I've added a section about the subject >> >> http://wiki.lyx.org/Devel/SafetyAndSecurity#toc2 >> > >

How to access the list efficiently? Re: Long threads? / list etiquette? (Was: Options for resolving the minted + shell-escape issue)

On 2 August 2017 at 10:03, Scott Kostyshak wrote: > > > > > I'm using gmail's web interface these days. This might be why I'm finding > > it difficult to efficiently follow threads that are so long. > > - The gmail labs thing I used for replying to parts of an e-mail is no > >

Re: Long threads? / list etiquette? (Was: Options for resolving the minted + shell-escape issue)

On 2 August 2017 at 11:29, Pavel Sanda wrote: > Scott Kostyshak wrote: > > Ah I did not realize you did that on purpose. I actually found it > annoying when > > I wanted to go up the discussion and couldn't because it was cut off > > +1 > I just want to check you understood that

Safety/security: I've received some good advice

Hi, I've consulted about LyX with someone who's an IT security professional. I'll later post that stuff separately to developers list, and/or add it to the wiki page. This post is just to make sure you guys can remind if I manage to forget as I'm tired and won't do it tonight. /Christian

Re: Options for resolving the minted + shell-escape issue

On 1 August 2017 at 21:24, Richard Heck wrote: > On 08/01/2017 04:54 AM, Scott Kostyshak wrote: > > On Tue, Aug 01, 2017 at 02:35:27AM +0200, Pavel Sanda wrote: > >> Pavel Sanda wrote: > >>> I did not hear your reaction to it either. > >> I see you just did that, sorry... P > > I

Discussing minted/safety/etc (Was: Options for resolving the minted + shell-escape issue)

Richard wrote: > We have spent an enormous amount of time on this ... > Hi, Some thoughts regarding the discussion of safety and design of security measures, i.e. a kind of "lessons learned" regarding the discussion aspects. I think one thing that made things slower and more inefficient was a

Long threads? / list etiquette? (Was: Options for resolving the minted + shell-escape issue)

Richard wrote: > We have spent an enormous amount of time on this ... > HI, Regarding the discussion of LyX's safety I'd like to make a few remarks related to ... ?list etiquette? Not sure what the correct term should be, but it ought to be clear below. Really long threads: Are we really ok

Re: Options for resolving the minted + shell-escape issue

On 1 August 2017 at 01:25, Pavel Sanda <sa...@lyx.org> wrote: > Christian Ridderström wrote: > > Please note that I'm _not_ wholly against something like needauth, I'm > simply > > not convinced it's good enough. In fact, I'm still unclear on exactly > how it >

Re: Regarding safety/security, the DOCX and DOCM formats of MS Office

On 1 August 2017 at 10:54, Scott Kostyshak <skost...@lyx.org> wrote: > On Tue, Aug 01, 2017 at 02:26:52AM +0200, Christian Ridderström wrote: > > > Anyway, I'm not really advocating a new file extension like '.lyxm', but > > simply trying to illustrate that MS O

Re: r41086 - www-user/trunk/farm/cookbook/LyX

On 1 August 2017 at 10:54, Scott Kostyshak wrote: > On Mon, Jul 31, 2017 at 09:45:55PM +0200, sa...@lyx.org wrote: > > Author: sanda > > Date: Mon Jul 31 21:45:55 2017 > > New Revision: 41086 > > URL: http://www.lyx.org/trac/changeset/41086 > > > > Log: > > Update master

Re: lyx executable built with cmake will not run

On 1 August 2017 at 14:47, Jean-Pierre Chrétien wrote: > > It does not work, I can confirm. > > Here is what I ran: > > $ git clone g...@git.lyx.org:lyx newmaster > $ cd newmaster > $ automake > $ cd ../cbuildnm > $ cmake -DLYX_ENABLE_EXPORT_TESTS=ON

What kinds of "code" can be embedded in a LyX document and "run" from LyX?

Hi, For the purpose of discussions on safety/security and needauth/shell-escape, I would like to have, and document, a more complete picture of the different kinds of use scenarios where LyX causes code to be executed that was either embedded in a LyX document, or or in some external file

Regarding safety/security, the DOCX and DOCM formats of MS Office

Hi, Regarding safe behaviour or not, I happened to remember an aspect related to MS Word and macros. Some years ago Microsoft changed the old DOC format and as default introduced the DOCX format. One change was of course the use of XML, but another is that DOCX does _not_ allow macros --- at

Re: Options for resolving the minted + shell-escape issue

Hi Scott, On 31 July 2017 at 16:50, Pavel Sanda wrote: > Scott Kostyshak wrote: > > I'm concerned that since this issue has left us all exhausted, there is > > a feeling of "let's just get this over so we can move on". I encourage > > all of us to give one more cognitive spurt

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

On 31 July 2017 at 20:44, Guillaume MM wrote: > Le 31/07/2017 à 13:31, Jürgen Spitzmüller a écrit : > >> I meant it in this sense. If a vote only means "I did not have a >> look at >> >> the patch but I am fed-up so let us go ahead" then it is not taking >>

Re: [LyX/master] prefs/needauth: added warning if user tries to disable authorization for needauth converters.

On 27 July 2017 at 00:06, Tommaso Cucinotta wrote: > commit 8a4fcd3d95ca4aeed1c46152cecadf29ed21e774 > + _("SECURITY WARNING!"), _("Unchecking this option has the > effect that potentially harmful converters would be run without asking your > permission first. This

Re: [patch] update PDF viewers in configure.py

On 31 July 2017 at 19:52, Pavel Sanda wrote: > Kornel Benko wrote: > > > It is not a demo. Only if you want to have all features like e.g. > > > splitting PDF pages one has to buy another version. So it is the same > as > > > with Acrobat Reader, for the full feature set of

Re: [patch] update PDF viewers in configure.py

On 30 July 2017 at 23:47, Jean-Marc Lasgouttes wrote: > >Under Linux I was looking for a PDF program with which I can properly > >fill out and submit PDF forms. I found the Program Master PDF editor > >and > >would therefore like to support it in LyX. > > To be frank I never

Re: allowing anonymous contributions to LyX's source code?

On 28 June 2017 at 04:10, Joel Kulesza wrote: > On Tue, Jun 27, 2017 at 7:24 PM, Richard Heck wrote: > >> >> It's come up more than once, so I think it's worth writing down what >> we've decided. Obviously, we can revisit the issue any time we like. But >> we

Re: #10735: needauth - ask again authorization if file (or script snippet) changes

Hoping/testing if a simple reply works and is added to the ticket. I think this is an excellent improvement. However, I'd like to suggest that instad of storing a timestamp, we should store a hash of the document's contents. I'm not sure if it's necessary to include the file name in what's

Re: Living with shell-escape: Using two LyX instances - critique invited

On 27 July 2017 at 18:05, Tommaso Cucinotta wrote: > On 27/07/2017 17:31, Tommaso Cucinotta wrote: > >> I think what we might do in a relatively easy and generic way, is to allow >> for setting individual preferences settings from the command-line, e.g.: >> >>alias

Re: Can shell-escape take advantage of needauth framework?

On 25 July 2017 at 01:30, Tommaso Cucinotta <tomm...@lyx.org> wrote: > On 18/07/2017 21:50, Christian Ridderström wrote: > >> I do not know how many KGB/CIA agents will be willing attend the 'hack >> LyX' classes. How much is it worth on a spy resume ? >> > >

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

On 24 July 2017 at 23:20, Tommaso Cucinotta <tomm...@lyx.org> wrote: > On 23/07/2017 20:55, Christian Ridderström wrote: > >> Regarding setting something in the preference file manually: The only >> thing I mind is that it adds a global state to LyX, as opposed to &

Re: Any descriptions of the security aspects (related to needauth and shell-escape)?

On 24 July 2017 at 23:27, Tommaso Cucinotta wrote: > > > I support the idea as well, and I'm interested in contributing to it. > I could help as well, at least with the outside view. > As a starting point for the needauth stuff, I had put a recap of the > problem and

Just a check: Ok with Qt-code in e.g. src/support/?

Hi, This is just a check. A long time ago LyX had two frontends, i.e. not only Qt. Back then I assume the Qt-code was supposed to stay under src/frontends/qt4/. I just noticed some Qt code in e.g. src/support/FileMonitor.h, so I just wanted to check that we now are ok with Qt-code in e.g.

Curious: Why '--std=c++11' and '--std=gnu++11' in compiler options? (Was: Required C++ standard for building LyX, i.e. do we require >= C++11?)

For my curiosity, I noted that in addition to '-std=c++11' among the compiler options, there's also an option for '-std=gnu++11' in the compile command. In my case I was using cmake and the compiler was Apples LLVM/clang-compiler, not gcc. Does anyone know why we use both '-std=c++11' and

Re: Silent/automatic execution of converter and needauth, concrete questions to clarify my understanding

On 18 July 2017 at 09:06, Scott Kostyshak <skost...@lyx.org> wrote: > On Mon, Jul 17, 2017 at 11:53:38PM +0200, Christian Ridderström wrote: > >> A) In LyX 2.2.x, if I open the document, no "converters" are executed. But >> when I attempt to generate the P

Types of LyX users (Was: Can shell-escape take advantage of needauth framework?)

On 21 July 2017 at 22:12, Scott Kostyshak wrote: > On Tue, Jul 18, 2017 at 11:21:38AM +0200, Jean-Marc Lasgouttes wrote: >> Le 18/07/2017 à 09:07, Scott Kostyshak a écrit : >> > I was thinking about it from a different angle. I was only focused on >> > what I thought was most

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

On 19 July 2017 at 12:00, Jean-Marc Lasgouttes <lasgout...@lyx.org> wrote: > Le 19/07/2017 à 07:48, Christian Ridderström a écrit : >> >> If user does not want all these warnings, he could disable them by >> launching LyX with some option like "--do-not-warn-me-a

Living with shell-escape: Using two LyX instances - critique invited

Bah, I again e-mailed only Guillaume and not the list. On 19 July 2017 at 00:00, Guillaume MM wrote: > > > I find that it would be more cumbersome and error-prone than a good > needauth implementation. cumbersome: Do you refer to using two user dirs, or perhaps having to (once?)

Re: Any descriptions of the security aspects (related to needauth and shell-escape)?

On 21 July 2017 at 22:28, Scott Kostyshak <skost...@lyx.org> wrote: > On Wed, Jul 19, 2017 at 07:34:59PM +, Guenter Milde wrote: > > On 2017-07-19, Christian Ridderström wrote: > > > > ... > > > ... I would like to ask (not being optimistic), if there'

Tip: Generating/showing a big diff (related to fixing namespace comments in the code)

Hi, FYI, I did a cleanup of the comments that marks the end of a namespace in the source. If anyone would like to see a side-by-side diff in HTML, I put one here: https://chr.updog.co/fix_namespace_comments_diff.html The details of how I did the work is in the commit message, but of main

Any descriptions of the security aspects (related to needauth and shell-escape)?

Hi, When having tried to contribute to the discussion on needauth and shell-escape I've felt that it's quite difficult to get a good picture of things like: - Goals of design, what are we trying to achieve - Principle of design and system - Assumed threat models, and perhaps list threat scenarios

Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

On 18 July 2017 at 23:49, Jean-Marc Lasgouttes <lasgout...@lyx.org> wrote: > Le 18/07/2017 à 23:42, Christian Ridderström a écrit : > >> I think the default should be secure, and that the user should have to do >> something actively to go into a dangerous mode. >>

Re: Can shell-escape take advantage of needauth framework?

On 18 July 2017 at 22:09, Jean-Marc Lasgouttes <lasgout...@lyx.org> wrote: > Le 18/07/2017 à 21:50, Christian Ridderström a écrit : > >> That you argue this way makes me sad.. and embarrassed/ashamed on behalf >> of the project. I could counter all your points in the p

[macOS] Behaviour when using an absolute path when doing save as

Hi, I just noticed a minor thing, and perhaps fully due to Qt and/or macOS. Steps to reproduce: - Start new document - Place '/tmp/test.lyx' into your copy buffer - Press 'Save' (Cmd-S) - Paste filename from copy buffer, i.e. /tmp/test.lyx Expected result: I expected the file to be saved as

Re: Can shell-escape take advantage of needauth framework?

On 18 July 2017 at 21:15, Jean-Marc Lasgouttes <lasgout...@lyx.org> wrote: > Le 18/07/2017 à 19:46, Christian Ridderström a écrit : > >> I just did a test with gnuplot. In the LyX settings I had unchecked >> 'Forbid of use of needauth converters' and unchecked 'Use nee

Living with shell-escape: Using two LyX instances - critique invited

Hi, If I had to use a converter that requires e.g. shell-escape perhaps the approach below would be useful. What problems do you see with it? 1) Use two lyx user directories, one standard and one "dangerous", with converters using shell-escape only in the dangerous lyx. 2) Create a tiny shell

Re: Can shell-escape take advantage of needauth framework?

On 18 July 2017 at 11:32, Guillaume MM wrote: > Once it is in, then it >>> has to be supported forever, I believe there is an agreement about this. >>> >> >> I wouldn't say this in absolute terms, but I would agree that there's >> lots of hesitation before removing a feature, and

Silent/automatic execution of converter and needauth, concrete questions to clarify my understanding

Hi, I've gotten lots of information from Enrico and Guillaume related to the security "gap", but I'd like to boil it down to simpler questions to make the situation clear to me. Assume that I've gotten a LyX document by e-mail. It was not created by me, but let's say that the sender of the

Re: Options for resolving the minted + shell-escape issue

On 17 July 2017 at 00:57, Enrico Forestieri <for...@lyx.org> wrote: > On Mon, Jul 17, 2017 at 12:49:05AM +0200, Christian Ridderström wrote: > > > > Enrico argued that there are other (equally) dangerous converters already > > in LyX. Then that's somethi

Re: Cleanup before 2.3.0?

On 17 July 2017 at 00:48, Enrico Forestieri wrote: > Dear Christian, > > I see that the operated obfuscation of issues is working with you. > Dear Enrico, Don't worry, all is not lost and any operation obfuscation has not yet succeeded in invading Sweden. I still know that I

Re: Options for resolving the minted + shell-escape issue

On 5 July 2017 at 06:59, Scott Kostyshak wrote: > Dear all, > > This is an important topic since it involves security. I'd appreciate it > if you spent some time on understanding the issue. > > I see three options for what to do about the minted + shell-escape > issue: > > 1.

Re: Cleanup before 2.3.0?

On 16 July 2017 at 22:45, Jean-Marc Lasgouttes wrote: > What I mean is that my absolute priority these days is to have 2.3.0 out. Fully understood. > The cleanups I proposed where chosen to have a minimal effect on release > date. Anything that requires too much thinking

Re: Cleanup before 2.3.0?

On 16 July 2017 at 21:39, Jean-Marc Lasgouttes wrote: > Le 16/07/2017 à 21:34, Kornel Benko a écrit : > >> If not now, then probably never. There is no optimal start, except >> at start of a project. >> > > Not necessarily. We do not have much spare time to do it right, and

Re: Cleanup before 2.3.0?

On 16 July 2017 at 21:15, Jean-Marc Lasgouttes wrote: > Le 16/07/2017 à 20:51, Scott Kostyshak a écrit : > >> "no debate" is good, but we want even more than that. We want a few more >> "yes let's go for it!" before we impose a new style. I think we got >> support from

Re: Cleanup before 2.3.0?

On 15 July 2017 at 19:06, Jean-Marc Lasgouttes <lasgout...@lyx.org> wrote: > Le 15/07/2017 à 18:55, Christian Ridderström a écrit : > >> In my opinion, if we don't reach consensus easily on formatting issues, >> we should at least for now refrain fr

Re: Cleanup before 2.3.0?

On 7 July 2017 at 04:37, Scott Kostyshak wrote: > > What do others think? > > ^ If you get support from other LyX devs, and you are willing to take > care of everything, then I'm find with it. My only other criterion is > that I don't want to personally spend any time on this.

Re: Deprecated functions used in some Objective C code

> > PS. Should we create a Trac issue for this, to help remember we need to > fix it in the future? > > I don’t need a ticket for it, the compiler is nagging every time I build > LyX :) It's fine by me. In case you wondered, some reasons I thought of creating an issue: - gives background, eg

Re: Deprecated functions used in some Objective C code

On 8 July 2017 at 22:01, Stephan Witt wrote: > I’m aware of these warnings. Recently I tried to replace the deprecated > calls in os_unix.cpp. But that’s not easy. > 1. The replacements have to be available at least with 10.7 or we have to > de-support old systems. > 2. The

Deprecated functions used in some Objective C code

Hi, While compiling on macOS Sierra, 10.12,5, I noticed warnings about deprecated calls from an Objective C file. Below is a log excerpt, there are probably more warnings. What's the policy is here... should I e.g. create a Trac issue? It's not obvious to me that we at this time would want to

Required C++ standard for building LyX, i.e. do we require >= C++11?

Hi, I was trying to confirm that compiling LyX requires at least C++11, but so far I've only seen the following in INSTALL: Requirements First of all, you will need a recent C++ compiler, where recent means that the compilers are close to C++11 standard conforming

Re: Cleanup before 2.3.0?

Hi Scott, On 6 July 2017 at 22:20, Scott Kostyshak wrote: > > - Now (before release) would be a good time to start using clang-format > > Why? One reason is that it might make it easier to backport fixes from > master to 2.3.x. This was my reason, as comparison of code

Re: Cleanup before 2.3.0?

On 3 July 2017 at 11:26, Jean-Marc Lasgouttes wrote: > Since we are approaching major release, I think it is a good time to do > some mechanical clean-ups. The idea is that it is better to do it now > instead of at the beginning of a cycle in order to ease backporting of >

Re: Build failed in Jenkins: Build branch "master" » ubuntu-xenial-qt4-autotools-extended #296

The failure (below) was due to the CI worker (lyx-linux1) running out of disk space. This CI worker only has 20 GB on the attached disk for building, and it's on the small side - the other CI workers have 40 GB. I've now deleted old workspaces and it should be fine again. Cheers, Christian On 5

Re: Build failed in Jenkins: Build branch "master" » ubuntu-latest-qt5-cmake #279

The failure (below) was due to the CI worker (lyx-linux1) running out of disk space. This CI worker only has 20 GB on the attached disk for building, and it's on the small side - the other CI workers have 40 GB. I've now deleted old workspaces and it should be fine again. Cheers, Christian On 6

Re: [LyX/master] Fix trailing whitespace in cpp files.

On 3 July 2017 at 21:42, Scott Kostyshak wrote: > On Mon, Jul 03, 2017 at 07:53:56PM +0200, Richard Heck wrote: > > commit 75bfed55079cab6b73fbea6ce4ae3f10d1af3b91 > > Author: Richard Heck > > Date: Mon Jul 3 13:53:14 2017 -0400 > > > > Fix trailing

Re: allowing anonymous contributions to LyX's source code?

On 26 June 2017 at 10:31, Jean-Marc Lasgouttes wrote: > From time to time, we receive patches from people who prefer to remain >> anonymous (e.g. use a nickname and not their real name). It would be >> nice if we had a clear policy on whether we are OK with this. >> > > We

Re: Server rebooted

Richard wrote: > These look correct to me, but I usually use iptables via shorewall. > > That said, those are massive subnets to block. I guess if we're blocking > legitimate users, we'll hear about it. > If the blocks seem to work I was thinking of announcing to users list the blocked ranges,

Re: Server rebooted

On 19 June 2017 at 10:35, Jean-Marc Lasgouttes wrote: > Le 18/06/2017 à 16:29, Kornel Benko a écrit : > >> Server was out of memory. Stopping/starting apache seems to have resolved >>> it. >>> >> >> Yes, just tried 'git pull'. Immediate response. >> > > I restarted it again

Re: Server rebooted

On 18 June 2017 at 14:40, Christian Ridderström <c...@lyx.org> wrote: > > On Sun, 18 Jun 2017 at 12:25, Kornel Benko <kor...@lyx.org> wrote: > >> Am Samstag, 17. Juni 2017 um 12:58:34, schrieb Jean-Marc Lasgouttes < >> lasgout...@lyx.org> >> > Le 1

Re: Server rebooted

On Sun, 18 Jun 2017 at 12:25, Kornel Benko <kor...@lyx.org> wrote: > Am Samstag, 17. Juni 2017 um 12:58:34, schrieb Jean-Marc Lasgouttes < > lasgout...@lyx.org> > > Le 17/06/2017 à 12:57, Christian Ridderström a écrit : > > > Good decision. > >

FYI, recently failed builds were due to slow LyX (git) server. (Was: Build failed in Jenkins: Build branch "master" » ubuntu-xenial-qt4-autotools-extended #276

FYI, this CI job (and others) failed because the LyX server was slow (JMarc has fixed it by rebooting the server). This can be seen from the full log of the CI job: Cloning repository git://git.lyx.org/lyx.git > git init >

Re: Asked for username/password when going to ftp.lyx.org from www.lyx.org/Download. (Was: can I get a username and password to download lyx?(

On 18 May 2017 at 09:09, Stephan Witt wrote: > For me - on Mac - it has always been like this. It’s not a big deal IMO to > choose anonymous and proceed. Therefore I didn’t complain :) > OTOH how would you connect in case you want using a name/password if > you’re not asked for?

Asked for username/password when going to ftp.lyx.org from www.lyx.org/Download. (Was: can I get a username and password to download lyx?(

On 17 May 2017 at 23:02, Christian Ridderström <c...@lyx.org> wrote: > On 17 May 2017 at 22:47, Fan Zhang <fan.zh...@skhms.com> wrote: > >> I was asked for a username and password from ftp://ftp.lyx.org >> >> I don’t know how I can get that. Can you pl

  1   2   3   4   5   6   7   8   9   10   >