[luatex] [tex-live] lltxplatform integration

Hans Hagen pragma at wxs.nl
Fri Jun 5 02:51:46 CEST 2015 

On 6/4/2015 11:27 AM, Zdenek Wagner wrote:

>> Does it mean ConTeXt users will have all the nice swig modules, while
>> TeXLive users won't? Seems a bit unfair... This also means that TeXLive
>> will have a reduced ConTeXt?

(1) TexLive is a stable yearly snapshot ... and it has a complete 
context. Of course context betas can support new and experimental things 
but that is unrelated to a distribution. There is hardly any code on my 
machine that i snot in the distribution.

(2) Context will never rely on extra modules. There might be support for 
some (e.g. there is some support for mysql and so) but those are not 
needed for regular typesetting. The whole idea of luatex is to delegate 
to lua cq. extend via lua so creating more dependencies contradicts this.

(3) What works for context also can work or other macro packages, but 
the way things get integrated can differ. So, what works in context 
might not work in latex or plain and vice versa. The choice for swiglib 
means that we stick to the original apis but can write macro package 
specific wrappers around it.

>>> then they are optionals --- i.e. the user chooses to install them ---
>>> and the developer has the responsibility to fix the problems.
>>
>> But this also means that the average user can't install them (installing
>> such a thing under Windows is way beyond average Windows user's
>> ability). Even distributing shared libaries for LuaTeX through luarocks
>> and asking users to install them is, I believe, confusing for the
>> average user...

The few times that I had to use e.g. luarocks it was such a nightmare 
compared to a regular tex installation that I decided to use just luatex 
(texlua) as lua engine. (Btw, one can just use some of the libraries 
shipped as rocks with luatex.) (Ok, I also make sure that  the whole 
bunch of libraries that ships with context can be used with stock lua so 
that in practice one doesn't see a difference.)

> The solution is to educate users. All security problems stem from
> hiding important knowledge, offering security settings in a not
> understandable way and pretending false security. If you offer an easy
> access to potentially vulnerable or malicious libraries to uneducated
> users, you are doin a misservice. For uneducated users reduced but
> safe system is more valuable than a potentially vulnerable systems.
> Thos who need higher functionality should understand the risk and
> should be educated.

Personally I'm not too worried about security but more about the 
complexity of a tex system. We have a rather clear tds structure which 
helps support. The more libraries (small or large) we depend on the 
worse it gets (in terms of maintainance, dependencies, whatever). To 
some extend the current luatex is already a bit over the top.

Hans

-----------------------------------------------------------------
                                           Hans Hagen | PRAGMA ADE
               Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
     tel: 038 477 53 69 | voip: 087 875 68 74 | www.pragma-ade.com
                                              | www.pragma-pod.nl
-----------------------------------------------------------------

More information about the luatex mailing list