[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[task #15694] pdflatex: why allow write18 with -shell-escape?
|
From: |
Boud Roukema |
|
Subject: |
[task #15694] pdflatex: why allow write18 with -shell-escape? |
|
Date: |
Mon, 15 Jun 2020 19:02:02 -0400 (EDT) |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 |
Update of task #15694 (project reproduce):
Open/Closed: Closed => Open
_______________________________________________________
Follow-up Comment #2:
I haven't yet had time to trying using PGFPlots. I'm not proposing
that we exclude it, but we _do_ need to warn the user. A debate
about whether the security risk is worth it or not can be started
later, by people who know enough or who are sufficiently interested,
but it would be unreasonable to expect the user to "trust us"
and override a security recommendation without any justification
or information on where to develop the discussion.
Here is a proposed fix:
https://codeberg.org/boud/maneage_dev/src/branch/shell-escape-security-warning
https://codeberg.org/boud/maneage_dev/commit/c69bde3ca5ee39c81beb655af8f4c1d4c8f0ab52
Without a warning like this, I see the issue as still open.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/task/?15694>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/