emacs-orgmode
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The fate of ditaa.jar (9.4.5.)

From: Dr. Arne Babenhauserheide
Subject: Re: The fate of ditaa.jar (9.4.5.)
Date: Tue, 11 May 2021 08:35:46 +0200
User-agent: mu4e 1.4.15; emacs 28.0.50 
Tim Cross <theophilusx@gmail.com> writes:
> I agree. As pointed out already, just bundling the jar file is not
> sufficient as you need a java runtime as well.

Java is available in my distribution, ditaa is not. Removing ditaa from
org means that I have to do manual installation and configuration, while
with ditaa bundled, org-mode can simply note that I need java installed.

> If we bundle it, we also need to ensure it is updated if/when new jar
> versions are released.

We can do that, but we don’t have to. As long as the bundled jar works,
it is much better than no jar. And users can use newer version as they
like by changing the jar-path.

Note that this isn’t about security, since even if an old version of
ditaa should turn out to be vulnerable, this would still be less
dangerous than a shell-block. Therefore old versions of ditaa are
completely fine.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]