Given that one must not forget to specify -dSAFER for safe ghostscript usage, why not make it default? Most programs need to specify it these days, so it would be benefitial I think. Add an option -dUNSAFE or similar to enable the unsafe things.
(In reply to Marcus Meissner from comment #0) > Given that one must not forget to specify -dSAFER for safe ghostscript usage, > why not make it default? > > Most programs need to specify it these days, so it would be benefitial I > think. > > Add an option -dUNSAFE or similar to enable the unsafe things. So, your suggestion is that we should break Postscript by default?
The answer here is simply 'no'.
Just a note that you could use the "GS_OPTIONS" environment variable set to "-dSAFER", and that option will be prepended to the Ghostcript options on every invocation, and can be overridden by specifying "-dNOSAFER" gs on the command line. All of which is in our documentation.
I am a bit astonished about the hard "no" because "man gs" currently reads ------------------------------------------------------------------- While SAFER mode is not the default, it is the default for many wrapper scripts such as ps2pdf and may be the default in a subsequent release of Ghostscript. ------------------------------------------------------------------- which I understand as if a request to have SAFER mode by default in a subsequent release of Ghostscript should be a valid request?
(In reply to jsmeix from comment #4) > I am a bit astonished about the hard "no" > because "man gs" currently reads We don't maintain the man pages, but in any event I don't feel constrained by the vague intentions of previous maintainers of the code. > which I understand as if a request to have SAFER mode > by default in a subsequent release of Ghostscript > should be a valid request? Your original request is valid, but the answer is still no.
It is o.k. for me that your answer is 'no'. I thought you maintain http://git.ghostscript.com/?p=ghostpdl.git;a=blob_plain;f=man/gs.1;hb=HEAD Regarding "the default for many wrapper scripts": Would it be o.k. for you if Linux distributors set up some kind of "wrapper" for /usr/bin/gs (e.g. a Unix alias or whatever is suitable) to get the SAFER mode by default also for plain "gs"?
(In reply to jsmeix from comment #6) > It is o.k. for me that your answer is 'no'. > > > I thought you maintain > http://git.ghostscript.com/?p=ghostpdl.git;a=blob_plain;f=man/gs.1;hb=HEAD > > > Regarding "the default for many wrapper scripts": > > Would it be o.k. for you if Linux distributors > set up some kind of "wrapper" for /usr/bin/gs > (e.g. a Unix alias or whatever is suitable) > to get the SAFER mode by default also for plain "gs"? See what I said in comment 3.
(In reply to jsmeix from comment #6) > It is o.k. for me that your answer is 'no'. > > > I thought you maintain > http://git.ghostscript.com/?p=ghostpdl.git;a=blob_plain;f=man/gs.1;hb=HEAD Oh, and no, we didn't write that, and we don't maintain it. Whoever contributed the man pages has long since disappeared, and they haven't been regularly updated since. We've occasionally meddled with the more heinous errors/omissions.
I saw your comment#3 but I understood it as if it was meant as an individual setting done intentionally by a user and not as a system default setting for all users.
(In reply to jsmeix from comment #9) > I saw your comment#3 but I understood it as if it was meant > as an individual setting done intentionally by a user and > not as a system default setting for all users. It's just an environment setting: it can be set for the system, or for individual users. Easy enough to add an entry to /etc/profile.d for it. Good luck dealing with the complaints!
Don't worry. Nothing will reach unexperienced users all of a sudden Nowadays we (i.e. openSUSE) have several layers of testing and verification when we introduce such kind of changes, cf. http://ghostscript.com/pipermail/gs-devel/2015-September/009817.html Personally I am even more interested to see what nowadays use cases fail when SAFER mode is the general default.
(In reply to jsmeix from comment #11) > Don't worry. > Nothing will reach unexperienced users all of a sudden > > Nowadays we (i.e. openSUSE) have several layers of testing > and verification when we introduce such kind of changes, cf. > http://ghostscript.com/pipermail/gs-devel/2015-September/009817.html > > Personally I am even more interested to see what nowadays > use cases fail when SAFER mode is the general default. Well, as I intimated above, you'll no longer be shipping a compliant Postscript interpreter, since SAFER prevents certain operators, required by the spec, from operating as defined. Are they used often? Perhaps not, but claiming compliance with a specification doesn't mean "we're compliant when/if we feel like it", otherwise there's plenty of other stuff we'd leave out of Postscript and PDF.....