Re: LaTeX & DFSG

To: Jeff Licquia <licquia@debian.org>, debian-legal@lists.debian.org
Subject: Re: LaTeX & DFSG
From: David Carlisle <davidc@nag.co.uk>
Date: Mon, 22 Jul 2002 13:29:19 +0100
Message-id: <[🔎] 200207221229.NAA14506@penguin.nag.co.uk>

> Let's take an example that will likely resonate with typesetters a bit
> more: the euro.  How did you arrange to add the euro symbol to TeX and
> LaTeX?  What would have happened if I would have needed a euro symbol
> before it was added?

You do the same before as after

you find (or make) some font that has the symbol, and find (or make) a
package that loads that font and then go
\usepackage{somepackage}

As it happens more recent latex distributions have contained such a
package, which saves some of the searching but there's no difference
in what the end user needs to do.

This is just part of the general case: there is no technical reason (not
even security issues) why anyone _needs_ to modify the latex kernel.
All behaviour may be modified without doing that, and any functionality
that you know how to implement can be added. that is what Free software
is about.

In the case of security it is worth saying again that this

> Security is only one of many good reasons to change LaTeX, and it's
> certainly a valid one, even for LaTeX.  The lack of security problems in
> LaTeX is possible a happy accident of history rather than a real virtue
> of its code.

is entirely false. You can not change a single line of the LPPL'ed core
of latex and make it more or less secure.

latex is designed to take documents from elsewhere and run them on your
machine. As such it does have real security concerns, but if you find a
latex document that poses a security threat, there is _no_ change you
can make to the LPPL'ed latex code that will get rid of that threat.
Whatever change you make to latex, I can produce another document that
just restores the old code and then poses the same danger as the first.
Every part of latex is accessable and changeable from every latex document.

To make latex secure you need to make sure that the virtual machine it
runs in is secure. Ie you need to know tex is secure. If TeX is secure
then it doesn't matter whether the tex macros are in a document or in
the core latex files; the same security applies to both. If TeX isn't
secure then that is bad but there is nothing you can do about it in latex.

In an earlier message you said:

> You also seem to have a lot of faith in sandboxing.  Sandboxes work *if
> the sandbox model is correct* and the implementation has no bugs. 

It isn't a question of having faith the sandbox is working it is just
stating the obvious that if your sandbox is leaking you should fix the
box not the sand.

David

_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.


-- 
To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: LaTeX & DFSG
  - From: Jeff Licquia <licquia@debian.org>

Prev by Date: AW: A few more LPPL concerns
Next by Date: Re: defining "distribution" (Re: A few more LPPL concerns)
Previous by thread: Re: AW: A few more LPPL concerns
Next by thread: Re: LaTeX & DFSG
Index(es):
- Date
- Thread