Next Release?

Scott Kostyshak skostysh at lyx.org
Tue Aug 29 12:32:44 UTC 2023


On Tue, Aug 29, 2023 at 02:16:01PM +0200, Daniel wrote:
> On 2023-08-29 13:16, Pavel Sanda wrote:
> > On Mon, Aug 28, 2023 at 08:49:30PM -0400, Richard Kimberly Heck wrote:
> > > > Options are, we postpone this for 2.4.1 as this is not fileformat change.
> > > > If deemed too dangerous, we can temporarily disable the feature and enable
> > > > it again with the safeguards, your call here.
> > > 
> > > Can you remind me where all this stands? Was there a bug for this?
> > 
> > Not bug, just the recent thread on ML.
> > 
> > The situation as I see it:
> > 1) There seems to be consesus that:
> >     - we should ask the user by dialog before launching a) hyperlinks b) citation urls from bib file c) lyxpaperview searches.
> >     - the dialog should have  "don't ask me again" option remembered per file
> >     - the dialog should explicitly contain URL/link itself
> > 
> > 2) There is hesitation whether to have general RC variable to disable the dialog above in general.
> > 
> > 3) Either add security warning (tooltip?) to Control>Search drive for cited files
> >     or move the whole checkbox to Converters>Security and make it obvious that way
> >     The move itself makes more sense in case we go for 2 to group everything on one spot.
> > 
> > 
> > The immediate security concern is covered by 1.
> > 2 can be added later or never. 3 is disabled by default and hint can be added later as well.
> > 
> > Pavel
> 
> I am wondering whether the "don't ask me again" choice should be remembered
> per document only for the current session. I think VC Code does this. Maybe
> since across session settings seem to be tricky to undo. Does that make
> sense?

From what I understand, you're saying that if I say "don't ask me again
(for the current session)", when I open LyX it will then ask me again,
right? This would be more strict, in a security sense. However, I would
prefer for it to not be only for the current session. For me the
question is really "do you trust this document?" and that won't usually
change session to session, although to your point I can imagine some
cases where it could.

Good point also that it's not obvious how to undo. We can't expect a
user to know where to find the session file and to remove the line.

> Or would that be too annoying?

In my opinion yes. I would just become desensitized to the dialog and I
think it would in the end become less secure.

Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.lyx.org/pipermail/lyx-devel/attachments/20230829/613a5593/attachment-0001.asc>


More information about the lyx-devel mailing list