When L. Peter Deutsch first added the file I/O operators to Ghostscript (1992?), I submitted a security patch to disable them by default, requiring you to use -dUNSAFE to enable them. He accepted the patch but reversed the logic, enabling them unless you provided the -dSAFER option. I no longer remember precisely how he handwaved away my concerns in his email, but it doesn’t matter.

I was right then, and I’m still right.

(At the same time, I also submitted a patch to the crude -dASCIIOUT option to make it possible to extract the text correctly and post-process it into a document that preserved formatting pretty well, but he only accepted half of it, because he was concerned that adding a Perl script to the base distribution would impair its portability…)

Comments via Isso

Markdown formatting and simple HTML accepted.

Sometimes you have to double-click to enter text in the form (interaction between Isso and Bootstrap?). Tab is more reliable.