Re: LaTeX & DFSG

[Jeff Licquia <licquia@debian.org>]

On Mon, 2002-07-22 at 07:29, David Carlisle wrote:
> In the case of security it is worth saying again that this
> 
> > Security is only one of many good reasons to change LaTeX, and it's
> > certainly a valid one, even for LaTeX.  The lack of security problems in
> > LaTeX is possible a happy accident of history rather than a real virtue
> > of its code.
> 
> is entirely false. You can not change a single line of the LPPL'ed core
> of latex and make it more or less secure.

Well, we will have to just agree to disagree, then.

I am of the opinion that any code written by humans can have faults that
can be abused by unscrupulous agents.  I have come to this conclusion
after losing faith too many times in the "absolute security" of some
scheme or other.  So, when I hear someone say that "this software can't
have security problems", I think, "bogus".

You could call it a philosophical opposition to declarations of
confidence in security.

> In an earlier message you said:
> 
> > You also seem to have a lot of faith in sandboxing.  Sandboxes work *if
> > the sandbox model is correct* and the implementation has no bugs. 
> 
> It isn't a question of having faith the sandbox is working it is just
> stating the obvious that if your sandbox is leaking you should fix the
> box not the sand.

Not all Java problems are problems with Java.  In some places, Java
programs enable security features they shouldn't, or disable features
they shouldn't.

The problem is that I do not believe that the security model of TeX and
the security model of LaTeX are absolutely equivalent.  They may be
close, but "close" doesn't cut it in the security world.

But I doubt we're going to convince each other.  I will remain satisfied
with the explanations about the euro.


-- 
To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org