On Wed, Jul 19, 2017 at 10:58:44AM -0400, Richard Heck wrote:
>
> Thanks for this, Enrico. Let me just ask one question about it: Is the
> mechanism here per-document
> or per-document and also per-converter?
This only addresses particular converters, i.e., the latex backends.
> That is,
Hi,
When having tried to contribute to the discussion on needauth and
shell-escape I've felt that it's quite difficult to get a good picture of
things like:
- Goals of design, what are we trying to achieve
- Principle of design and system
- Assumed threat models, and perhaps list threat scenarios
>
> But I'd make one more suggestion: Every time a user opens a
> document for which this
> sort of thing will be enabled, we pop a warning before we do anything.
> I.e., we do NOT just run
> gnuplot in the background, but we say something like what Jürgen had
> above, with buttons offering
>
Christian Ridderström wrote:
> I just did a test with gnuplot. In the LyX settings I had unchecked 'Forbid
> of use of needauth converters' and unchecked 'Use needauth option'. Then I
> opened a LyX doc with a gnuplot script. Result: LyX tried to run the script
> due to the preview, without asking
On 2017-07-18, Guillaume MM wrote:
> Le 18/07/2017 à 21:29, Christian Ridderström a écrit :
>> If I had to use a converter that requires e.g. shell-escape perhaps the
>> approach below would be useful. [...]
...
> I find that it would be more cumbersome and error-prone than a good
> needauth
Christian Ridderström wrote:
> - Users uncheck settings all the time, it doesn't seem very "scary"
>
> Why does disabling something like needauth have to be done from within LyX?
... as I read through the list I see we come to similar conclusions ...
I don't have strong opinion about these.
Pavel Sanda wrote:
> commit cd7b1dad6713e0dba2b90e7757fce5b0ca8e
> Author: Pavel Sanda
> Date: Wed Jul 19 13:36:06 2017 +0200
>
> We have new translation which slipped through the cracks.
Scott, I am sorry I did not catch that before.
If/when you will be sending the
2017-07-19 14:17 GMT+02:00 Jürgen Spitzmüller :
>
> But we have the situation now that we output different strings for the
> list of listings heading, depending on whether we use minted or listings
> ("Listings" vs. "List of Listings").
>
OTOH I see now that this is how they are
Pavel Sanda wrote:
> Kornel Benko wrote:
> > Am Mittwoch, 19. Juli 2017 um 05:58:29, schrieb Jari-Matti Mäkelä
> >
> > > Fri, 09 Jun 2017 20:30:07 +0200
> > > Kornel Benko wrote:
> > >
> > > > At least 'make translations1' works. No, I did not so far. The
2017-07-19 13:51 GMT+02:00 Pavel Sanda :
> Pavel Sanda wrote:
> > commit cd7b1dad6713e0dba2b90e7757fce5b0ca8e
> > Author: Pavel Sanda
> > Date: Wed Jul 19 13:36:06 2017 +0200
> >
> > We have new translation which slipped through the cracks.
>
> Scott, I am
Am Mittwoch, 19. Juli 2017 um 19:48:49, schrieb Guenter Milde
> On 2017-07-19, Kornel Benko wrote:
>
> > [-- Type: text/plain, Encoding: 7bit --]
>
> > Am Mittwoch, 19. Juli 2017 um 15:00:16, schrieb Kornel Benko
> >
> >> So, maybe better we could omit
On 2017-07-19, Christian Ridderström wrote:
...
> ... I would like to ask (not being
> optimistic), if there's some design description anywhere?
> I wonder because IMHO security requires a system wide approach and that
> it's very easy to screw up if only looking at isolated pieces. Further, it
On 2017-07-19, Kornel Benko wrote:
> [-- Type: text/plain, Encoding: 7bit --]
> Am Mittwoch, 19. Juli 2017 um 15:00:16, schrieb Kornel Benko
>> So, maybe better we could omit \textcompwordmark in mono fonts.
> This patch works for me. It uses vphantom{}, but only between '<<'
https://ci.inria.fr/lyx/job/build-master-head/job/ubuntu-xenial-qt4-autotools-extended/317/
On Tue, Jun 27, 2017 at 04:47:10PM +0200, Jean-Marc Lasgouttes wrote:
> commit 13c3c1485b68980c51658cef8fadf804982d75ee
> Author: Jean-Marc Lasgouttes
> Date: Fri Jun 23 20:32:32 2017 +0200
>
> Fixup the fixup d0acc3e57044: use editable()/isActive()
>
> While
Hi Juergen,
make ../lib/layouttranslations from within po/ dir
used to update layout translations, but it breaks now on
make: *** No rule to make target '../lib/citeengines/*.citeengines', needed by
'../lib/layouttranslations'. Stop.
Not sure what's going on.
Pavel
2017-07-19 12:38 GMT+02:00 Pavel Sanda :
> Fixed it. P
>
Thanks!
Jürgen
Am Mittwoch, 19. Juli 2017 um 05:58:29, schrieb Jari-Matti Mäkelä
> Fri, 09 Jun 2017 20:30:07 +0200
> Kornel Benko wrote:
>
> > At least 'make translations1' works. No, I did not so far. The changes
> > are because of the fi.po.patch from Jari-Matti Mäkelä.
> >
On 2017-07-18, Kornel Benko wrote:
...
> 2.) Can we replace outputting \textcompwordmark with \vphantom{} in
> exported tex file?
> I could not see any difference in the pdflatex output. Also
> lualatex and xelatex displayed correctly.
However, lib/unicodesymbols says:
Do only
On 2017-07-18, Kornel Benko wrote:
...
> there is also error with the system font 'FreeSerif,FreeSans,FreeMono'
> when exporting to PDF(luatex)
> !Package varioref Error: \vref at page boundary 14-15 (may loop).
> See the varioref package documentation for explanation.
> Type H
Guillaume MM wrote:
> Le 18/07/2017 ?? 23:27, Jean-Marc Lasgouttes a écrit :
>> Le 18/07/2017 ?? 23:24, Christian Ridderström a écrit :
>>> The threat model is one important aspect, but it's difficult for us to
>>> know who uses LyX and in which industries. Or how many users there are at
>>>
Le 19/07/2017 à 07:48, Christian Ridderström a écrit :
If user does not want all these warnings, he could disable them by
launching LyX with some option like "--do-not-warn-me-about-unsafe-setting".
Instead of having a checkbox for "don't tell me these things again".
It has the same issues as
Pavel Sanda wrote:
> Hi Juergen,
>
> make ../lib/layouttranslations from within po/ dir
> used to update layout translations, but it breaks now on
> make: *** No rule to make target '../lib/citeengines/*.citeengines', needed
> by '../lib/layouttranslations'. Stop.
> Not sure what's going on.
Kornel Benko wrote:
> Am Mittwoch, 19. Juli 2017 um 05:58:29, schrieb Jari-Matti Mäkelä
>
> > Fri, 09 Jun 2017 20:30:07 +0200
> > Kornel Benko wrote:
> >
> > > At least 'make translations1' works. No, I did not so far. The changes
> > > are because of the
Am Mittwoch, 19. Juli 2017 um 10:56:21, schrieb Guenter Milde
> On 2017-07-18, Kornel Benko wrote:
>
> ...
>
> > there is also error with the system font 'FreeSerif,FreeSans,FreeMono'
> > when exporting to PDF(luatex)
>
> > !Package varioref Error: \vref at page boundary
Jürgen Spitzmüller wrote:
> OTOH I see now that this is how they are defined in listings and minted,
> respectively. So the (differing) strings are OK.
Yes, when I looked through the logs it seems Enrico was well aware of the issue.
> For de, I've just committed a small correction. Shall I
Am Mittwoch, 19. Juli 2017 um 15:00:16, schrieb Kornel Benko
> So, maybe better we could omit \textcompwordmark in mono fonts.
This patch works for me. It uses vphantom{}, but only between '<<' and '>>'.
Korneldiff --git a/src/Paragraph.cpp b/src/Paragraph.cpp
index
On Tue, Jul 18, 2017 at 07:26:23PM -0400, Richard Heck wrote:
> On 07/18/2017 09:56 AM, Jürgen Spitzmüller wrote:
> > Am Dienstag, den 18.07.2017, 15:39 +0200 schrieb Jean-Marc Lasgouttes:
> >> Whi, not, maybe along with the names of the converters (features)
> >> Sweave/gnuplot/minted present in
On 07/19/2017 05:06 AM, Pavel Sanda wrote:
> Christian Ridderström wrote:
>> I just did a test with gnuplot. In the LyX settings I had unchecked 'Forbid
>> of use of needauth converters' and unchecked 'Use needauth option'. Then I
>> opened a LyX doc with a gnuplot script. Result: LyX tried to run
On 07/19/2017 10:37 AM, Enrico Forestieri wrote:
> On Tue, Jul 18, 2017 at 07:26:23PM -0400, Richard Heck wrote:
>> On 07/18/2017 09:56 AM, Jürgen Spitzmüller wrote:
>>> Am Dienstag, den 18.07.2017, 15:39 +0200 schrieb Jean-Marc Lasgouttes:
Whi, not, maybe along with the names of the
On 07/19/2017 02:22 AM, Christian Ridderström wrote:
> Hi,
>
> When having tried to contribute to the discussion on needauth and
> shell-escape I've felt that it's quite difficult to get a good picture
> of things like:
> - Goals of design, what are we trying to achieve
> - Principle of design and
On 07/19/2017 02:04 PM, Enrico Forestieri wrote:
> On Wed, Jul 19, 2017 at 10:58:44AM -0400, Richard Heck wrote:
>> Thanks for this, Enrico. Let me just ask one question about it: Is the
>> mechanism here per-document
>> or per-document and also per-converter?
> This only addresses particular
Am Mittwoch, den 19.07.2017, 16:37 +0200 schrieb Enrico Forestieri:
> The attached patch takes into account all of these ideas. As a
> disclaimer,
> note that I am providing it only because I am now familiar with this
> part
> of the code and can quickly come up with a patch. But I am not
>
33 matches
Mail list logo