I was looking inside a Dorico-File-Zip-Container and found some information I would be happy not to share with others when sharing scores:
In [Zipfile]/supplementary_data/workspace/workspace.xml
→ Tag contains path of location the file was saved.
Problem: Could contain information like usernames, network-paths etc…
Could you please remove this tag in the next update?
Best regards,
Ben
We save this information so that we can remember the folder into which you want graphics to be exported, as part of our general policy to save the information you set in Print mode so that it can be reused the next time you open your project. It’s helpful in use cases where you are exporting graphics from the same project into e.g. a folder that allows the exported files to be picked up automatically, as is typical with page layout applications like InDesign.
I don’t think it’s unreasonable to save this information in our file format. I don’t want to make light of your security concerns, but it seems a pretty unlikely attack vector: presumably you are only sharing your Dorico files with people you know and trust in any case, so if you’re willing to send them data you have worked hard to create in Dorico in its original format rather than exporting e.g. a PDF and sending that, it suggests you have a trusted relationship with that recipient already. Also, knowing a folder path or the username of an account on an unknown system is not in itself sufficient information to allow a breach of your security.
Thank you for this explanation!
I am not really happy about this, but I can live with that.