xdg-open for 2.4.0?

José Matos jaomatos at gmail.com
Sat Nov 12 22:31:45 UTC 2022


On Sat, 2022-11-12 at 11:19 -0500, Scott Kostyshak wrote:
> At some point xdg-open had security concerns. I don't know the
> details, but from what I understand those issues are no longer
> relevant.

Were they ever relevant? As far as I remember some of the problems were
due to old implementations... a long time ago. :-)

> Perhaps we are still concerned that 2.4.0 could be compiled on an old
> system that still has those security concerns?
>
> Debian/Ubuntu carries a patch that puts in xdg-open to configure.py.
> If curious, you can see the patches here (most are just backports of
> stuff in master, e.g., regarding Python3 compatibility)
> wget "http://archive.ubuntu.com/ubuntu/pool/universe/l/lyx/lyx_2.3.6.1-1.debian.tar.xz"
> 
> By the way, we already have "xdg-open" in configure.py for a raster
> image viewer.

For what it is worth, Fedora has had those patches for more than 14 years. And
security is always a concern, so that was never an issue for Fedora.

I got so fed up with the need to update the patch that I replaced that
with a script that changes configure.py after unpackaging.

IMHO a better change would be to replace the list of options by a
subset that can be configured per platform, in particular to use a
plugin system to override those choices.

Since configure.py we can use sys to get that information instead of
using a single list for all systems.

That is on my list but I have avoided it so as not to disturb the process at
this stage.

If my memory serves me I think that Riki had been working on something
related to the platform concept.

> It seems there are two questions:
> 
> (1) Are we still concerned about a security issue?
> (2) Regardless of a security issue, is xdg-open what we want?
> 
> If the answer to (1) is "no", and there are mixed opinions about (2),
> maybe we can at least add "xdg-open" as the *last* option?
> 
> Potentially relevant as well:
> https://www.lyx.org/trac/ticket/11641
> 
> Interesting past discussions on xdg-open below. I didn't go through
> them too carefully.
> https://www.mail-archive.com/lyx-devel@lists.lyx.org/msg133878.html
> https://www.mail-archive.com/lyx-devel@lists.lyx.org/msg152142.html
> 
> Scott

-- 
José Abílio

