[tex-live] movie15 and media9

Zdenek Wagner zdenek.wagner at gmail.com
Tue Mar 20 01:29:45 CET 2012


2012/3/20 Reinhard Kotucha <reinhard.kotucha at web.de>:
> On 2012-03-19 at 09:11:38 +0900, Norbert Preining wrote:
>
>  > Hi Simon,
>  >
>  > as I wrote in the email answering Reinhard, *please*read* the
>  > emails and try to understand them before answering.
>  >
>  > I answered on Phil's assertion that
>  >    "There is no possible reason for them not to do so [install acro*]
>  > other than prejudice or dogma."
>  > which I rejected simply by giving reasons not based on prejudice or
>  > dogma, but simply on privacy and security.
>  >
>  > If you or anyone accepts this treat, or has set up a save
>  > environment that this does not happen, I don't mind if you use
>  > acro*, I just made clear that there are *valid* reasons not to use
>  > it.
>
> Hi Norbert, let me clarify two things:  You said
>
>  > * horrible security history
>  > * "phoning home" javascript
>  > * what else do you want ???
>  >
>  > Using acro* is simply wrong, and energy should be invested in
>  > improving open source viewers, not preaching for a horrible
>  > dangerous and privacy ignoring product.
>
> At a first glance one gets the impression that Adobe deliberately
> created a trojan horse in order to "phone home" (to Adobe).  That
> would be unacceptable, of course.
>
> The guys who wrote the article you cited [1] complained about the
> inclusion of JavaScript in general and provided an example where this
> feature had been abused (not by Adobe).  It was certainly Adobe's
> fault to execute JS code without notification, but they didn't create
> a trojan horse deliberately, at least.
>
> Adding a scripting language is always critical in respect of
> security.  But hyperlinks are dangerous too, they simply postpone the
> problem to the web browser, which probably executes JS code...
>
If I understand JS security, there is a big difference. If JS runs in
a web browser, it can only connect to the server which provided the
web page and the script cannot read arbitrary local files. If the
script runs in AR within a file saved in your computer, it can connect
to any server and has full access to your disk. It can read any file
and send it to any server.
>
> Secondly, I *read* your mails, but maybe my point of view is a little
> bit different than yours.  I understand yours, but what's most
> important to me is that I can use free software at work, in particular
> Linux and (Lua)TeX.  But I have to use non-free software too.
> Fortunately, one of the most important programs is available on Linux,
> the other one runs fine under Wine.  I'm in luck ATM for two reasons:
> I don't need many non-free programs and my boss is familiar with Linux
> and TeX too.  But in many other companies free software is not
> welcomed, in almost every bigger company it's even disallowed.
>
> The reason is certainly because those who make decisions (Martin calls
> them "Schlipsträger") believe that Linux and free software is only
> good for geeks and for serious work Windows is needed.
>
> It would definitely be helpful if more companies port their (non-free)
> software to Linux.  In order to achieve this, the least thing we can
> do is _not_ to regard everything non-free as an evil.
>
> Please note that I'm not talking about TeX Live policies but about our
> slightly different points of view.  You are promoting free software,
> which is definitely fine.  I prefer free software too.  But I'm also
> interested to pull vendors of commercial software into the boat.  On
> the other hand, if we regard everything which is not free in the FSF
> sense and not open source, as an evil, I believe that Linux will be
> regarded as a playground for geeks forever.
>
> [1] http://lwn.net/Articles/129729/
>
> Regards,
>  Reinhard
>
> --
> ----------------------------------------------------------------------------
> Reinhard Kotucha                                      Phone: +49-511-3373112
> Marschnerstr. 25
> D-30167 Hannover                              mailto:reinhard.kotucha at web.de
> ----------------------------------------------------------------------------
> Microsoft isn't the answer. Microsoft is the question, and the answer is NO.
> ----------------------------------------------------------------------------
>



-- 
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz



More information about the tex-live mailing list