Re: Should child docs inherit trust for needauth converter?
On Sun, Feb 11, 2018 at 11:51:47AM +, Tommaso Cucinotta wrote: > +1, from my viewpoint, perhaps we might have a TT tracking this request. Done: https://www.lyx.org/trac/ticket/11031 signature.asc Description: PGP signature
Re: Should child docs inherit trust for needauth converter?
On 02/01/2018 17:13, Jean-Marc Lasgouttes wrote: Le 28/12/2017 à 09:40, Scott Kostyshak a écrit : I suppose in cases of security, unless I can make a sound-proof argument to get rid of the additional prompts, we should just keep them. Any thoughts? I would say that, if we trust the parent, we trust the child. +1, from my viewpoint, perhaps we might have a TT tracking this request. There's a few weirdnesses about editing: 1) I edit a doc, I say I trust it 2) later, I receive a contribution, save it locally 3) I include the contribution as a child, now what shall we do ? Can't remember whether in LyX a child knows who else is including it ... instead, I guess/hope there's an easy function to go through all the children of a doc ? Thanks, T.
Re: Should child docs inherit trust for needauth converter?
Le 28/12/2017 à 09:40, Scott Kostyshak a écrit : I suppose in cases of security, unless I can make a sound-proof argument to get rid of the additional prompts, we should just keep them. Any thoughts? Any thoughts? I would say that, if we trust the parent, we trust the child. JMarc
Re: Should child docs inherit trust for needauth converter?
On 12/28/2017 03:40 AM, Scott Kostyshak wrote: > On Mon, May 29, 2017 at 04:07:00PM +, Scott Kostyshak wrote: >> I have a master document and several child documents that use knitr. If >> I click on "Run", which is the prompt from the master, I am still >> prompted for each child. >> >> I'm conflicted by what I think is the ideal behavior. I'm also biased >> since I find the multiple prompts annoying (but this is only temporary >> and easily solved). >> >> I suppose the way to think through it is the following: Is there an >> example where you would want to trust the parent but not trust the >> child? >> >> Perhaps you get the prompt for the parent, and say "I looked through >> this document and looked at the knitr chunks and know that none of the >> code is malicious" so I trust the document, and then a prompt for the >> child doc comes and you say "I did not know that the child doc used >> knitr, I want to check it also for malicious code". That's the best >> example I can come up with, but I'm not very convinced by it. >> >> I suppose in cases of security, unless I can make a sound-proof argument >> to get rid of the additional prompts, we should just keep them. >> >> Any thoughts? > Any thoughts? No, but only because I do not really use such things. rh
Re: Should child docs inherit trust for needauth converter?
On Mon, May 29, 2017 at 04:07:00PM +, Scott Kostyshak wrote: > I have a master document and several child documents that use knitr. If > I click on "Run", which is the prompt from the master, I am still > prompted for each child. > > I'm conflicted by what I think is the ideal behavior. I'm also biased > since I find the multiple prompts annoying (but this is only temporary > and easily solved). > > I suppose the way to think through it is the following: Is there an > example where you would want to trust the parent but not trust the > child? > > Perhaps you get the prompt for the parent, and say "I looked through > this document and looked at the knitr chunks and know that none of the > code is malicious" so I trust the document, and then a prompt for the > child doc comes and you say "I did not know that the child doc used > knitr, I want to check it also for malicious code". That's the best > example I can come up with, but I'm not very convinced by it. > > I suppose in cases of security, unless I can make a sound-proof argument > to get rid of the additional prompts, we should just keep them. > > Any thoughts? Any thoughts? Scott
Should child docs inherit trust for needauth converter?
I have a master document and several child documents that use knitr. If I click on "Run", which is the prompt from the master, I am still prompted for each child. I'm conflicted by what I think is the ideal behavior. I'm also biased since I find the multiple prompts annoying (but this is only temporary and easily solved). I suppose the way to think through it is the following: Is there an example where you would want to trust the parent but not trust the child? Perhaps you get the prompt for the parent, and say "I looked through this document and looked at the knitr chunks and know that none of the code is malicious" so I trust the document, and then a prompt for the child doc comes and you say "I did not know that the child doc used knitr, I want to check it also for malicious code". That's the best example I can come up with, but I'm not very convinced by it. I suppose in cases of security, unless I can make a sound-proof argument to get rid of the additional prompts, we should just keep them. Any thoughts? Scott signature.asc Description: PGP signature
