> Ahem, excuse me to come abruptly in the discussion, but how far could
> we go by only using only the lyserver and libraries interacing to it
> from perl, python, sh, gnuplot, whatever? What would be real gain of
> an enbedded language, compared to the development cost (to make it
> really useful, I mean)? What you get by integrating python in 50 lines
> of code is certainly not better than what you get by making python
> interact with the lyxserver, is it?
The main problem I see with this approach is that the we will end
up with something similar to handling CGI-scripts in Web-servers:
LyX has to spawn an external interpreter, and this is slow and
insecure.
We will have no control over security: It will be dead
easy to implement a macro-virus in LyX. I'm not sure that
we want to do this. (Imagine that we have a code attached
to a button. When the users clicks on it, some arbitrary
code will be executed, and this code can for instance
delete all files in the users directory, or even worse
send all of them over e-mail without the user knowing.
There are no ends to speculation -- history shows that
this will very likely happen.)
If we have a "autostart" function, things will be even
worse: All of this would happen, just when you open
the document for reading.
Things are a little different when you go through the
LyX server as we have it now, because the user starts
the interpreter himself, and therefor is more likely to
know that there is a potential risk.
This situation is different when the thing is started
from with-in a LyX document. It's not natural to
assume that a LyX document can be malicious, and I don't
think it's a good idea that a LyX document *can* be
malicious.
I'm sure you have all heard about the Microsoft Word
macro viruses... No reason to make the same mistake
they did.
> PS: I just take one day off, and here you go beginning an endless
> thread with lengthy messages. You're like kids, I can't really not
> leave you without worrying... ;)
And what is even worse: I worry when you are not here!
Greets,
Asger
