Non-human users of TeX Live
Vincent Lefevre
vincent at vinc17.net
Mon May 6 17:34:25 CEST 2024
Hi,
On 2024-05-06 13:46:12 +0100, Jonathan Fine wrote:
> Here's an example from another thread. There was a surprising update
> request to a font. I said that a malicious font could change the meaning of
> a document. Arthur Rosendahl replied:
>
> Surely users will check the typeset result to see if the contents actually
> > reflect the source, and can be trusted to judge for themselves?
>
>
> I think that here Arthur has assumed that all users are human, and will
> check that contents actually reflect the source. If the user is an
> automated service, the person who manages that user might not have the time
> or skill to check that contents actually reflect the source.
>
> This suggests that providing a secure and trusted supply chain for fonts,
> macros and other resources would help the managers of non-human TeX users.
Even for human users. As you said, not everyone check the whole
contents. For large documents that need to be rebuilt, this would
take too much time. Moreover, checking the contents may not be
reliable due to bugs in PDF rendering, such as
https://bugzilla.mozilla.org/show_bug.cgi?id=1873345
which makes text disappear.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the tex-live
mailing list.