On 6/4/2015 11:27 AM, Zdenek Wagner wrote:
Does it mean ConTeXt users will have all the nice swig modules, while
TeXLive users won't? Seems a bit unfair... This also means that TeXLive
will have a reduced ConTeXt?
(1) TexLive is a stable yearly snapshot ... and it has a complete
context. Of course context betas can support new and experimental things
but that is unrelated to a distribution. There is hardly any code on my
machine that i snot in the distribution.
(2) Context will never rely on extra modules. There might be support for
some (e.g. there is some support for mysql and so) but those are not
needed for regular typesetting. The whole idea of luatex is to delegate
to lua cq. extend via lua so creating more dependencies contradicts this.
(3) What works for context also can work or other macro packages, but
the way things get integrated can differ. So, what works in context
might not work in latex or plain and vice versa. The choice for swiglib
means that we stick to the original apis but can write macro package
specific wrappers around it.
then they are optionals --- i.e. the user chooses to install them ---
and the developer has the responsibility to fix the problems.
But this also means that the average user can't install them (installing
such a thing under Windows is way beyond average Windows user's
ability). Even distributing shared libaries for LuaTeX through luarocks
and asking users to install them is, I believe, confusing for the
average user...
The few times that I had to use e.g. luarocks it was such a nightmare
compared to a regular tex installation that I decided to use just luatex
(texlua) as lua engine. (Btw, one can just use some of the libraries
shipped as rocks with luatex.) (Ok, I also make sure that the whole
bunch of libraries that ships with context can be used with stock lua so
that in practice one doesn't see a difference.)
The solution is to educate users. All security problems stem from
hiding important knowledge, offering security settings in a not
understandable way and pretending false security. If you offer an easy
access to potentially vulnerable or malicious libraries to uneducated
users, you are doin a misservice. For uneducated users reduced but
safe system is more valuable than a potentially vulnerable systems.
Thos who need higher functionality should understand the risk and
should be educated.
Personally I'm not too worried about security but more about the
complexity of a tex system. We have a rather clear tds structure which
helps support. The more libraries (small or large) we depend on the
worse it gets (in terms of maintainance, dependencies, whatever). To
some extend the current luatex is already a bit over the top.
Hans
-----------------------------------------------------------------
Hans Hagen | PRAGMA ADE
Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | voip: 087 875 68 74 | www.pragma-ade.com
| www.pragma-pod.nl
-----------------------------------------------------------------
