[tex-live] install-tl-windows.bat unavailable in Microsoft Store

George Georgalis george at galis.org
Tue Dec 11 19:49:14 CET 2018

On Tue, Dec 11, 2018 at 2:08 AM Zdenek Wagner <zdenek.wagner at gmail.com>

> út 11. 12. 2018 v 1:20 odesílatel Norbert Preining <preining at logic.at>
> napsal:
> >
> > On Mon, 10 Dec 2018, George Georgalis wrote:
> > > users have to integrate tex to their platform every time they install
> a new
> > > os anyway. I'm suggesting taking ownership of the platform to run the
> text
> > > processing environment. It's not like the effort of owning OS
> maintenance,
> >
> > Could you be more specific? This sounds very much like sales person
> blabla.
> > I am using all the above and more technologies daily for my job, and
> > none of them is a solution for the problem at hand.
> >
> I am another person who is eager to know greater details. How can
> tlmgr and lua overcome the problems of the S-mode by running inside a
> container?

Well, I'm not particularly interested in contributing to a "community" that
rejects my comments about a framing a viable solution with pessimism and
cynicism. A constructive response identifies specific technical gaps for
consideration. I will go another step to explain my vision of viability

I do not know how tlmgr works, but my first guess at enabling "lua" to pass
a security audit would be to distribute it without os.execute() and similar
functions. Sure that would be a formidable effort.

We should ground our perspective with the big picture, the intent of
s-mode. I don't do windows, and I don't know exactly, but I have enough
experience to make a very good guess. To certify for the store, signed
applications probably go through a vetting process that determines if they
are "safe" so an application capable of executing arbitrary downloaded
binaries (cmd.exe) would fail.

I really didn't mean to use 'docker' but to use a 'minimalist container
like framework' (such as..). Is there any kind of chroot  jail already
available in the store? If so that would be a place to start.  Any solution
MUST NOT enable an opportunity to corrupt or otherwise exploit any
unintended data or resources. Isolating a context, a sandbox, that allows
tex-live to operate within these constraints is a principle requirement. If
you ignore that, there is no point in  discussing further. Then again I
could be wrong, maybe the store will allow you to install software to
create network sockets, execute arbitrary binaries, and read/write
arbitrary user data...

In any event, good luck!


George Georgalis, (415) 894-2710, http://www.galis.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/tex-live/attachments/20181211/1f9e9358/attachment-0001.html>

More information about the tex-live mailing list