Using PGP keys to sign documents, helpful for needauth converters?

Scott Kostyshak skostysh at lyx.org
Mon Jul 6 15:20:17 UTC 2020


Suppose I have a document that needs a needauth converter (e.g., knitr).
Currently, I need to authorize each document, and then the document path
is stored in the session file (under "auth files"). I like this, and it
makes me feel more comfortable compiling documents I download from
untrusted sources (e.g., when trying to help someone). However, I find
it annoying when I try to compile my own documents that are older. I
could just be careful to preserve the session file so that it remembers
all of the ones that I have authorized, but I wonder if it would be
interesting to allow signing of .lyx files with PGP keys. That way, if I
open a document that is signed by a key that I have in my keyring, there
is no need to ask for authorization. What are your thoughts on this?

One thing I thought about was the policy "whenever I save a document, it
should be automatically signed", but after thinking more, that does not
seem like a good idea. I might download a random document from the
internet, and then do some edits to remove some stuff that I don't think
is relevant to the problem (i.e., make it more of an MWE), and then just
save it out of habit, and then compile. A better approach might be the
policy "whenever I save a document that I've previously signed, the new
version is automatically signed".

I won't have time to work on this for a long time, but I'm still curious
about opinions.

Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.lyx.org/pipermail/lyx-devel/attachments/20200706/52872d7b/attachment.asc>


More information about the lyx-devel mailing list