On Thu, Aug 10, 2017 at 05:37:33PM +0200, Tommaso Cucinotta wrote:
> - the UI visible red icon is fantastic :-)! guess we can re-use it when the
> user authorized needauth converters for the currently open doc;

Probably. The tooltip could be used to differentiate the usage.

> - the shell-escape would resemble needauth (and perhaps share some -- or even
> all -- of the security prefs) if:
>   - the document contained a settings requiring the use of shell-escape for
>   its correct formatting/conversion;

I am not sure what you mean here. It is a design decision that no document
can have shell-escape automatically turned on. In this way you can download
whatever doc and compile it without fear of any security risk.

>   - we had a preference option that forbids shell-escape altogether

This is different from the needauth case. As regards dangerous converters,
you have them automatically configured, so that forbidding needauth by
default is necessary to avoid their use. Instead, the user has to willingly
turn on the shell-escape feature, so that forbidding it altogether is

>   - [optional] we had a preference option that allows it always

I don't follow you here. It is allowed if the user turns it on. It cannot
be automatically turned on, so I don't understand what you mean.


Reply via email to