|
|
|
|
|
|
by dmurray
1775 days ago
|
|
|
Why not? Because it might not terminate in a reasonable time? Being Turing-complete doesn't mean being an attack vector: when reasonably sandboxed, the LaTeX code is still confined to producing an output document, not exfiltrating your secret data or holding you to ransom. |
|
|
Yes. The publishers are in business for their readers, not their authors, even though those audiences often overlap. If putting a hardship on their authors will help their readers, even in a notional sense—"because of the restrictions we put on TeX documents, the people we need to hire to deal with TeX only have to have basic skills, and so we are better able to concentrate resources elsewhere in the workflow"—then they will. (I'm not defending this choice, just reporting on it. A recent dealing with IMRN made it horrifyingly clear how little their TeXnical staff understands about the most basic TeX.)
> Being Turing-complete doesn't mean being an attack vector: when reasonably sandboxed, the LaTeX code is still confined to producing an output document, not exfiltrating your secret data or holding you to ransom.
Everything is an attack vector, and Turing complete things are even more so. Plenty of people have thought that they have reasonably sandboxed things and found out later that they hadn't. TeX is an incredibly reliable piece of software, and I'm sure great strides have been made in making it also a secure piece of software, but the security features have received much less battle testing and so should be trusted less.