[tex-live] GPG message using tlpretest on OSX
Angelo Graziosi
angelo.graziosi at alice.it
Mon Apr 18 23:36:11 CEST 2016
Il 18/04/2016 22:59, Reinhard Kotucha ha scritto:
> On 2016-04-18 at 21:57:04 +0200, Angelo Graziosi wrote:
>
> > Norbert Preining wrote:
> > > Are you ready to defend TUG in front of an US court? If not, please
> > > stop bothering us.
> >
> > I am afraid bothering you, but this is one more reason to remove this
> > from TL2016...
>
> No, this can never be a reason.
>
> And even if you can convince Norbert to add an option which allows to
> control this behavior, everything which enhances security has to be
> turned on by default. Always.
>
> It seems that you prefer convenience to security. Not a good idea,
No, I don't prefer convenience but you are changing the policy of TL.
It was to make TL as much as possible self-contained adding programs it
needs in the distribution. Only rarely you allowed that someone of those
program were already installed on the OS..
Now, you not only do not add the program (for any noble reason that you
want) but also allow for it to not be installed or not available from
the OS. It is the first time I "hear" this kind of argument on this list..
If you want add that, it should be off by default. Then you can say:
Dear user, have you installed gpg? May you install it? yes? do you
want to check for security? yes? then enable it with:
tlmgr option gpg 1
What is the logic of installing something that then, perhaps, you can
not use?
This is my opinion.
Do you like that? DO that, but it is only a security illusion..
Angelo
More information about the tex-live
mailing list