On Wed, May 02, 2018 at 03:17:27PM +0000, Jean-Marc Lasgouttes wrote:
> On 02/05/2018 at 17:12, Scott Kostyshak wrote:
> > On Wed, May 02, 2018 at 09:45:41AM +0000, Jean-Marc Lasgouttes wrote:
> > > On 30/04/2018 at 02:45, Scott Kostyshak wrote:
> > > > I don't think needauth is needed in the above cases. These converters
> > > > are just for exporting the code in the .lyx file, not for running that
> > > > code. Unless we think there is a way to trick lyxknitr.R (and e.g.
> > > > run arbitrary code). But I don't think this is any different of a
> > > > concern than the case of any other converter (e.g. tricking LaTeX or
> > > > inkscape or elyxer.py).
> > >
> > > Go ahead.
> >
> > Done in master at 065e37e9. I don't know if we want this in stable. The
> > patch is very simple, but since it is related to security, I'm not sure
> > what to suggest.
>
> I really think it is OK, but discussion is welcome, of course.

Riki, if no one else has an opinion on this in a couple of days, can I
commit to 2.3.x? I'm CC'ing Tommaso in case he is interested.

Scott