On Thu, 2013-11-07 at 20:24 +0100, Carlos E. R. wrote:
On Thursday, 2013-11-07 at 11:44 -0200, Luiz Fernando Ranghetti wrote:
Of course Carlos case is a valid case and indeed he needs acroread, but is a corner case.
All utility here (electricity, gas, water, telephone, etc) send their receipts via paper, but all of them push for the clients to switch to "electronic receipts", which mean PDF, and usually those PDFs are signed. Unless signed electronically they don't have legal value; with the signature, they are valid.
Only acroread supports signature verification. I have tried the same receipt on okular and evince, and they don't even say there is a signature.
(interestingly, the receipt was generated not by adobe software, but by 3-Heights(TM) PDF Producer)
The other feature is PDF XFA form filling. None of the available open source programs fully support forms. You need acroread to at least compare and see if the alternatives are good enough or not, per case. These forms may contain javascript code.
(interestingly, one of the samples posted here was produced by AFPL Ghostscript 8.53, not adobe)
Those are two cases that require adobe software, and they affect many users. In Windows I understand there are alternatives, but not in Linux. Acroread in Wine does not work, except version 8 (according to wine docs), and that is as bad as directly using Linux version number 8 or 9. Many Linux users have also Windows machines, but I try to avoid booting to Windows as much as I can.
It can be argued that there may be other methods to generate such forms and signed document with open means. Perhaps. However, those organizations, many of them, have chosen PDF, even if they don't use adobe software to generate them. Surely they have explored the market to find out what is available, thus also surely PDF is the best out there.
Previously I thought that Adobe had sold their product very well, but finding out that the PDFs are often generated by alternate software, that is no longer the explanation.
So, what exactly are the security risks I get into by opening local PDF files (generated by reputable sources, such as governments) with acroread in Linux? Can they be avoided or limited with a good AppArmor profile?
If the danger is in the Firefox plugin, for instance, that can be removed with less trouble.
So, for some simple pdf okular & Co are apparently good enough. But as Carlos wrote, it isn't working for more complicated ones. Counting options.... A) Obviously keeping acroread forever isn't an option B) keeping it for now is just postponing the inevitable C) telling people, that if they want, they can install an ancient version of acroread is just as bad as A) D) in the beginning of this thread, someone suggested running a recent version of acroread under wine. -> When doing such thing, doesn't that involve any security risks? <- -> What is the chance of providing this for the "default end-user" <- -> Would it be allowed (if even possible) to create such a nested&foreign package <- E) Worst case scenario, having to install W7, just for viewing/filling PDF's Any other options???? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org