[tex-live] requirements for addition in shell_escape_commands

Élie Roux elie.roux at telecom-bretagne.eu
Thu May 14 15:06:54 CEST 2015


Dear All,

I'm writing you because I'm thinking about releasing a future version of
Gregorio on CTAN and, I hope, on TeXLive. GregorioTeX is just a few TeX
files, no problem, but it calls a small program called "gregorio", which
you can see the sources of here:

https://github.com/gregorio-project/gregorio/tree/develop

It's in C, it parses standard input or a file, and generates TeX on a
file, or stdout. It can also generate the same format as the input or
another text format. It can't call another program, can't execute
arbitrary commands, and doesn't require any external library or script
language, uses gnu c99 with fortify flags. If it ever gets into TeXLive,
would it be considered "secure" enough to be in the
shell_escape_commands? If not, what else would be needed? I'm asking now
in case there are additional developments to do before proposing inclusion.

Thank you,
-- 
Elie


More information about the tex-live mailing list