https://bugs.documentfoundation.org/show_bug.cgi?id=135508
Mike Kaganski <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|UNCONFIRMED |RESOLVED --- Comment #4 from Mike Kaganski <[email protected]> --- (In reply to Heiko Tietze from comment #3) > Understand this question as a security measure. Absolutely. The request is out of question, because automatically reading an external document (even local one) may lead to all kinds of security/privacy issues, think about documents with URLs to sites that track your IP; the link in fact could be in the document near the main one, if you received several malicious documents in a ZIP, so links to local files are not safe. > Could agree if author and current user are the same. Mike, what's your take? An author/user name is not secure data; they are mainly for convenience. No one prevents me from entering the same user name into my copy of LO, if I ever get a sample document from you, and see the user name mentioned there (and even if I never get a document from you, I may prepare several versions of malicious documents with reasonably guessed user names). It could be only used in signed documents, where you can have some level of confidence that the authors are actually what it claims they are ... then how likely would it improve UX for users who "have to (re-)open several documents a day"? Or is it reasonable that users' documents reopened that often are all signed (likely finalized, or else they will nag the users with a different question about "edits will invalidate the signature")? -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Libreoffice-ux-advise mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-ux-advise
