Bah, I again e-mailed only Guillaume and not the list. On 19 July 2017 at 00:00, Guillaume MM <g...@lyx.org> wrote: > > > I find that it would be more cumbersome and error-prone than a good > needauth implementation.
cumbersome: Do you refer to using two user dirs, or perhaps having to (once?) modify the parameter of the converter settings? Or do you mean having two LyX windows open at the same time? error-prone: Do you mean that you'll open the doc^H^H^Hprogram [*] in normal mode and when you try to build it fails? Or do you think it'd be difficult to set this thing up? Perhaps it's an important aspect that we're talking about a scenario where the user is executing code embedded in his document, thus essentially using LyX as an IDE to develop and execute programs. > > If I understand, what you want is visibility > and revokability, which people already seem to agree are desirable > improvements to make to needauth (a red status bar thingy). Yes, visibility that I'm operating in an unusual/non-default and potentially dangerous mode. Revokability.... I'd rather say isolation/separation. Besides wanting to allow the use of shell-escape only for a limited set of documents (i.e. documents), I would likely also only want to allow shell-escape when I want to run the program. If I only need to review/edit the program, e.g. after having received it (or had it returned after modification) from an external source. By only opening the unsafe LyX when I have to, I would know that everything else I do in normal LyX is safe. So I would only have to be "careful" when using unsage-LyX. Anyway, I think we should strive to allow a design where shell-escape is not needed. And this topic is about a fallback when shell-escape is necessary. Guenter also wrote: > If I got Christian right, the suggestion was intended as > stop-gap measure for power-users of LyX <= 2.2.x (as is my alternative > proposal). Yes, it's a stop-gap measure. Depending on what happens for LyX >= 2.3 it might also be useful in the future. /Christian [*] They way converters are used here, the LyX document contains the source code of something that can be executed. So it might help to think of it as something containing source that we execute when building (or previewing) the document. Thinking of it as running a program might also help you think more about side effects of building the document. It also makes me think of providing better visibility into exactly what code you are running, and perhaps if there could be a way to "sign" versions of the code in the document then trust the code when it's still signed.