xdg-open for 2.4.0?
José Matos
jaomatos at gmail.com
Sat Nov 12 22:31:45 UTC 2022
On Sat, 2022-11-12 at 11:19 -0500, Scott Kostyshak wrote:
> At some point xdg-open had security concerns. I don't know the
> details, but from what I understand those issues are no longer
> relevant.
Were they ever relevant? As far as I remember some of the problems were
due to old implementations... a long time ago. :-)
> Perhaps we are still concerned that 2.4.0 could be compiled on an old
> system that still has those security concerns?
>
> Debian/Ubuntu carries a patch that puts in xdg-open to configure.py.
> If curious, you can see the patches here (most are just backports of
> stuff in master, e.g., regarding Python3 compatibility)
> wget "http://archive.ubuntu.com/ubuntu/pool/universe/l/lyx/lyx_2.3.6.1-1.debian.tar.xz"
>
> By the way, we already have "xdg-open" in configure.py for a raster
> image viewer.
For what it's worth, Fedora has had those patches for more than 14 years. And
security is always a concern, so that was never an issue for Fedora.
I got so fed up with the need to update the patch that I replaced that
with a script that changes configure.py after unpackaging.
IMHO a better change would be to replace the list of options by a
subset that can be configured per platform, in particular to use a
plugin system to override those choices.
Since configure.py we can use sys to get that information instead of
using a single list for all systems.
That is on my list, but I have avoided it so as not to disturb the process at
this stage.
If my memory serves me I think that Riki had been working on something
related to the platform concept.
> It seems there are two questions:
>
> (1) Are we still concerned about a security issue?
> (2) Regardless of a security issue, is xdg-open what we want?
>
> If the answer to (1) is "no", and there are mixed opinions about (2),
> maybe we can at least add "xdg-open" as the *last* option?
>
> Potentially relevant as well:
> https://www.lyx.org/trac/ticket/11641
>
> Interesting past discussions on xdg-open below. I didn't go through
> them too carefully.
> https://www.mail-archive.com/lyx-devel@lists.lyx.org/msg133878.html
> https://www.mail-archive.com/lyx-devel@lists.lyx.org/msg152142.html
>
> Scott
--
José Abílio