> That's a very good point; if the *user* specifices -o "|..." that > *should* override the security setting.
Good, we agree here. > What if the -o option comes from a config file; should that override > the security setting? In secure mode, dvips should not trust the dvi file. I don't see why dvips should stop trusting its configuration files. If these are messed up by some other security problem, then the user has lost already. So, I suggest not to disable the output pipe at all (no matter wether it was set by some config file or the command line). > very sorry for (possibly) holding up a new release. I'll make sure > to spend some time this weekend on it . . . That would be great, indeed. I plan to release teTeX-2.0, soon (now that pdftex-1.10a *final* is out). Thomas