On Mittwoch, 10. Juli 2019 21:10:20 CEST Cor Blom wrote:
Hi all,
A week ago I asked on this list about ImageMagick's security settings, because it is an issue when using LyX.
A follow-up question: would it be acceptable if LyX requires/recommends ImageMagick-config-7-upstream instead of going with the default?
This question comes from one of the main developers of LyX, in whose opinion LyX with a crippled ImageMagick is not really usable and when we leave it to the (informed) user to make the change, we make it more difficult for average users.
I wouldn't call it crippled, but hardened ... I would even recommend doing the opposite, recommend the *secure* config, not exposing the user to known security problems. LyX can work properly even without EPS/PS support, just use PNG, JPEG (or almost any other raster format) or PDF (which e.g. SVG can be converted to) for graphics and illustrations. LyX could also warn the user if an image is only available as (E)PS, and tell the user how to convert it to e.g. PDF, iff the source is trusted. It could also detect if the EPS support in ImageMagick has been disabled (just create a 3 line PS file with just a black rectangle, and check the conversion result). Just my 2¢, Stefan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org