On 07/19/2017 02:22 AM, Christian Ridderström wrote: > Hi, > > When having tried to contribute to the discussion on needauth and > shell-escape I've felt that it's quite difficult to get a good picture > of things like: > - Goals of design, what are we trying to achieve > - Principle of design and system > - Assumed threat models, and perhaps list threat scenarios we _don't_ > try to protect against > > The e-mail threads are ... long, sometimes confusing and I suspect > contains at least a few misunderstandings. So I would like to ask > (not being optimistic), if there's some design description anywhere?
No, as usual, there is not. The needauth mechanism was developed by Tommaso in response to security worries about certain sorts of converters, e.g., the ones for R and related worries about the use of gnuplot. (It may have been the latter that got him interested.) Once that was on board, Enrico decided to employ at least a somewhat similar mechanism to support minted.sty, and for whatever reason, that set off alarm bells which, in retrospect, should have gone off earlier. So we find ourselves in the middle of things. Richard
