Re: [opensuse-factory] LyX and ImageMagick
On 10-07-19 at 22:39, Brüns, Stefan wrote:
> LyX could also warn the user if an image is only available as (E)PS, and tell
> the user how to convert it to e.g. PDF, iff the source is trusted. It could
> also detect if the EPS support in ImageMagick has been disabled (just create a
> 3 line PS file with just a black rectangle, and check the conversion result).
>
> Just my 2¢,

Thanks for your input.

As Johanness already replied, PDF is not really safer and it is also disabled in ImageMagick by default in (open)SUSE.

You are right that the error message (because there is one) could be clearer. Maybe I can convince the LyX devs of that.

I don't want to make openSUSE less secure. But I am also aware that when PS or PDF does not work in LyX (or anywhere else), users will look for solutions. The one who reported the bug did so and thought installing kimageformats-eps was the solution (apparently totally unaware that there is a security reason for not installing that). We can be pessimistic about solutions and do nothing, but that is not really me. I know there is no perfect solution here.

What I am looking for is how to inform the (less advanced) user and direct him in a direction that he can make an informed choice and risk. Not all users will be interested in this, but there are those who are, who try to be responsible, but also need some work done. Offering the option to install an alternative configuration, that at least upstream ImageMagick devs think is ok, is the only way to go. But I don't want to enforce this on LyX users, so recommending this in the main package is not an option (I myself am fine using LyX with the default SUSE hardening).

Let's see for now what happens. If more reports are made about this issue, either in bugzilla, or mailing-lists, or forums, then I will give it some further thought.

(Is ghostscript also considered unsafe? In my workflow having this installed is unavoidable. I would then need to remove hplip and gimp, among others. But that is not for this list.)

Thanks for all input,
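
The probe suggested in the quoted message, as an added example that is not part of the original thread and is not LyX code: it writes a three-line PostScript file with a black rectangle, runs it through ImageMagick, and separates "blocked by the security policy" from other failures so that a clearer message can be shown. The function names and result labels are hypothetical, and the two stderr markers are assumed to match the wording ImageMagick 6 and 7 print when a coder is denied by policy.

```python
import os
import shutil
import subprocess
import tempfile

# Constructed probe: minimal PostScript that paints one black rectangle.
PROBE_PS = "%!PS\n0 0 20 10 rectfill\nshowpage\n"

# Assumed stderr wording for a policy denial (ImageMagick 6 and 7).
POLICY_MARKERS = ("not allowed by the security policy", "not authorized")


def classify(returncode, stderr, output_exists):
    """Map one conversion attempt to 'ok', 'blocked-by-policy' or 'failed'."""
    text = stderr.lower()
    if any(marker in text for marker in POLICY_MARKERS):
        return "blocked-by-policy"
    if returncode == 0 and output_exists:
        return "ok"
    # Anything else, e.g. a missing Ghostscript delegate or a broken install.
    return "failed"


def probe_ps_support(tool=None):
    """Convert the probe file with ImageMagick and classify the outcome."""
    tool = tool or shutil.which("magick") or shutil.which("convert")
    if tool is None:
        return "no-imagemagick"
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "probe.ps")
        dst = os.path.join(tmp, "probe.png")
        with open(src, "w") as handle:
            handle.write(PROBE_PS)
        try:
            run = subprocess.run([tool, src, dst], capture_output=True,
                                 text=True, timeout=30)
        except (OSError, subprocess.TimeoutExpired):
            return "failed"
        return classify(run.returncode, run.stderr, os.path.exists(dst))


if __name__ == "__main__":
    print(probe_ps_support())
```

A "blocked-by-policy" result means the hardening is in effect, which is the case where the user needs an explanation rather than a generic conversion error.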


