-----BEGIN PGP SIGNED MESSAGE-----
On Thursday, 2013-11-07 at 11:44 -0200, Luiz Fernando Ranghetti wrote:
Of course Carlos case is a valid case and indeed he
needs acroread, but is
a corner case.
All utility here (electricity, gas, water, telephone, etc) send their
receipts via paper, but all of them push for the clients to switch to
"electronic receipts", which mean PDF, and usually those PDFs are signed.
Unless signed electronically they don't have legal value; with the
signature, they are valid.
Only acroread supports signature verification. I have tried the same
receipt on okular and evince, and they don't even say there is a
(interestingly, the receipt was generated not by adobe software,
but by 3-Heights(TM) PDF Producer)
The other feature is PDF XFA form filling. None of the available open
source programs fully support forms. You need acroread to at least compare
and see if the alternatives are good enough or not, per case. These forms
(interestingly, one of the samples posted here was produced by AFPL
Ghostscript 8.53, not adobe)
Those are two cases that require adobe software, and they affect many
users. In Windows I understand there are alternatives, but not in Linux.
Acroread in Wine does not work, except version 8 (according to wine docs),
and that is as bad as directly using Linux version number 8 or 9. Many
Linux users have also Windows machines, but I try to avoid booting to
Windows as much as I can.
It can be argued that there may be other methods to generate such forms
and signed document with open means. Perhaps. However, those
organizations, many of them, have chosen PDF, even if they don't use
adobe software to generate them. Surely they have explored the market to
find out what is available, thus also surely PDF is the best out there.
Previously I thought that Adobe had sold their product very well, but
finding out that the PDFs are often generated by alternate software, that
is no longer the explanation.
So, what exactly are the security risks I get into by opening local PDF
files (generated by reputable sources, such as governments) with acroread
in Linux? Can they be avoided or limited with a good AppArmor profile?
If the danger is in the Firefox plugin, for instance, that can be removed
with less trouble.
Carlos E. R.
(from 12.3 x86_64 "Dartmouth" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
-----END PGP SIGNATURE-----
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org