Received: from mail.proteosys.com ([62.225.9.49]) by nummer-3.proteosys with Microsoft SMTPSVC(5.0.2195.4905); Wed, 17 Jul 2002 17:57:29 +0200 Received: by mail.proteosys.com (8.12.2/8.12.2) with ESMTP id g6HFv5Wi024328 for ; Wed, 17 Jul 2002 17:57:06 +0200 Received: from listserv.uni-heidelberg.de (listserv.uni-heidelberg.de [129.206.100.27]) by relay.uni-heidelberg.de (8.12.4/8.12.4) with ESMTP id g6HFjqWK023042; Wed, 17 Jul 2002 17:45:53 +0200 (MET DST) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C22DAA.A70AFA80" Received: from listserv (listserv.uni-heidelberg.de [129.206.100.27]) by listserv.uni-heidelberg.de (8.12.2/8.12.2/SuSE Linux 0.6) with ESMTP id g6GM04Ba006287; Wed, 17 Jul 2002 17:46:35 +0200 Received: from LISTSERV.UNI-HEIDELBERG.DE by LISTSERV.UNI-HEIDELBERG.DE (LISTSERV-TCP/IP release 1.8d) with spool id 8343 for LATEX-L@LISTSERV.UNI-HEIDELBERG.DE; Wed, 17 Jul 2002 17:46:35 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.5 Received: from relay2.uni-heidelberg.de (relay2.uni-heidelberg.de [129.206.210.211]) by listserv.uni-heidelberg.de (8.12.2/8.12.2/SuSE Linux 0.6) with ESMTP id g6HFaZrU012016 for ; Wed, 17 Jul 2002 17:36:35 +0200 Received: from relay-2.kkf.net (relay-2.kkf.net [62.8.210.31]) by relay2.uni-heidelberg.de (8.12.4/8.12.4) with SMTP id g6HFZYT8029456 for ; Wed, 17 Jul 2002 17:35:35 +0200 (MET DST) Received: (qmail 27859 invoked from network); 17 Jul 2002 15:31:29 -0000 Received: from unknown (HELO artinet.artcom-gmbh.de) (62.145.22.162) by 0 with SMTP; 17 Jul 2002 15:31:29 -0000 Received: (from uartcom@localhost) by artinet.artcom-gmbh.de (8.9.3+Sun/8.9.3) id RAA10470; Wed, 17 Jul 2002 17:35:05 +0200 (MEST) Received: from artcom8 by artinet.artcom-gmbh.de; Wed, 17 Jul 2002 17:35 MES In-Reply-To: <1026919436.1057.7.camel@laptop2.internal.licquia.org>; from licquia@debian.org on Wed, Jul 17, 2002 at 10:23:56AM -0500 Organization: ArtCom GmbH, Grazer Strasse 8, D-28359 Bremen References: <15667.17322.923787.604569@istrati.mittelbach-online.de> <20020716094829.A3002@birdsnest.maths.tcd.ie> <20020716204523.GF15546@deadbeast.net> <20020717023548.B3442@birdsnest.maths.tcd.ie> <20020717034653.GP15546@deadbeast.net> <200207170351.g6H3pZPE000972@bilbo.localnet> <20020717004421.U4147@engmail.engmail.uwaterloo.ca> <20020717113502.A11129@artcom8.artcom-gmbh.de> <1026919436.1057.7.camel@laptop2.internal.licquia.org> Return-Path: X-OriginalArrivalTime: 17 Jul 2002 15:57:29.0311 (UTC) FILETIME=[A73A6EF0:01C22DAA] mail-followup-to: debian-legal@lists.debian.org, "Liste: LaTeX3" User-Agent: Mutt/1.2.5.1i X-Scanned-By: MIMEDefang 2.6 (www dot roaringpenguin dot com slash mimedefang) x-disclaimer: The views expressed are my own and not necessarily that of my employers. >received: by artcom8.artcom-gmbh.de (Smail3.2 #1) id m17Uqol-000egLC; Wed, 17 Jul 2002 17:34:19 +0200 (CEST) Content-class: urn:content-classes:message Subject: Re: forwarded message from Jeff Licquia Date: Wed, 17 Jul 2002 16:34:19 +0100 Message-ID: A<20020717173419.H21649@artcom8.artcom-gmbh.de> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Re: forwarded message from Jeff Licquia Thread-Index: AcItqqdr7Ty8vB+JSIGUxHqPdGe36Q== From: =?iso-8859-1?Q?Martin_Schr=F6der?= To: Reply-To: "Mailing list for the LaTeX3 project" Status: R X-Status: X-Keywords: X-UID: 4318 This is a multi-part message in MIME format. ------_=_NextPart_001_01C22DAA.A70AFA80 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable On 2002-07-17 10:23:56 -0500, Jeff Licquia wrote: > On Wed, 2002-07-17 at 04:35, Martin Schr=C3=B6der wrote: > > On 2002-07-17 00:44:21 -0400, Simon Law wrote: > > > I can imagine latex.ltx containing a couple extra > > > \openin15=3D.ssh/identity , \openin15=3D.gnupg/secring.gpg and > > > \openout15=3D.shrc commands[2] as put there by someone who has = cracked an > > > > This is not possible on a default TeX installation. > > [quotes about security protections removed] > > So you agree that LaTeX can be the source of a security hole. Having No. The default installation of teTeX makes it extremly difficult (if not impossible) to open any security holes. If you are really concerned about security in TeX, you could and should enhance the web2c TeX distribution, not LaTeX. Best regards Martin P.S.: Your fear of security holes in LaTeX borders on either ludicrious or paranoid (seen from 25 years of TeX history); it is at best very hypothecial. P.P.S.: The same potential "security problems" are relevant to plain.tex, which everyone except Donald Knuth is forbidden to change. Are you going to stop distributing that? -- Martin Schr=F6der, MS@ArtCom-GmbH.DE ArtCom GmbH, Grazer Stra=DFe 8, D-28359 Bremen Voice +49 421 20419-44 / Fax +49 421 20419-10 ------_=_NextPart_001_01C22DAA.A70AFA80 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Re: forwarded message from Jeff Licquia

On 2002-07-17 10:23:56 -0500, Jeff Licquia = wrote:
> On Wed, 2002-07-17 at 04:35, Martin = Schr=C3=B6der wrote:
> > On 2002-07-17 00:44:21 -0400, Simon Law = wrote:
> > >   I can imagine latex.ltx = containing a couple extra
> > > \openin15=3D.ssh/identity , = \openin15=3D.gnupg/secring.gpg and
> > > \openout15=3D.shrc commands[2] as put = there by someone who has cracked an
> >
> > This is not possible on a default TeX = installation.
>
> [quotes about security protections = removed]
>
> So you agree that LaTeX can be the source of a = security hole.  Having

No.

The default installation of teTeX makes it extremly = difficult (if
not impossible) to open any security holes. If you = are really
concerned about security in TeX, you could and should = enhance the
web2c TeX distribution, not LaTeX.

Best regards
        = Martin

P.S.: Your fear of security holes in LaTeX borders on = either
      ludicrious or paranoid = (seen from 25 years of TeX history);
      it is at best very = hypothecial.
P.P.S.: The same potential "security = problems" are relevant to
        plain.tex, = which everyone except Donald Knuth is
        forbidden = to change. Are you going to stop distributing
        = that?
--
          &nbs= p;    Martin Schr=F6der, MS@ArtCom-GmbH.DE
          ArtCom = GmbH, Grazer Stra=DFe 8, D-28359 Bremen
          Voice = +49 421 20419-44 / Fax +49 421 20419-10

------_=_NextPart_001_01C22DAA.A70AFA80--