On Sat, Feb 24, 2018 at 12:33 PM, Terry Brown <[email protected]> wrote:
> Imo, #740 Execute .leo/leo_startup.py on startup > > is simpler and > > safer. > > Sure, although the per outline specificity of @script nodes is useful. > But unless we're going to remove @script nodes I don't think it's up to > us to try any decide if a user can manage the risk safely or not, and > whether they should know about the feature. Once again, I agree. @script will remain. I have just toned down the language in the first comment of #741, Require confirmation for @script nodes <https://github.com/leo-editor/leo-editor/issues/741> Realistically most Leo > users will never receive a .leo file from someone else, so while the > potential risk of @script is very high, most of the time the actual > risk is quite low. > Perhaps this is where we disagree. Somebody, don't remember who, created an impressive system for scientific computing. It defined maybe a dozen @button nodes. I can well imagine having him share his work. Also, I have just updated the first comment of #740: Execute .leo/leo_startup.py on startup <https://github.com/leo-editor/leo-editor/issues/740> to say that there is a security risk if/when people start sharing Leo startup scripts! Edward -- You received this message because you are subscribed to the Google Groups "leo-editor" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/leo-editor. For more options, visit https://groups.google.com/d/optout.
