On Thu, Nov 7, 2013 at 9:39 PM, Wolfgang Rosenauer wrote:

...

a) download it from adobe yourself b) use something else

are not good enough. If (a) was a real solution, why are we building building a distro at all. (b) is not a solution because there is no 100% replacement for acroread. To the other comment: We are building a distribution out of free software to make it easy for people to start working immediately. acroread is not part of the operating system, it's not OSS, it's not

Am 07.11.2013 14:31, schrieb Per Jessen: maintained which for non-OSS means, it's vulnerable by design and I guess its track record proves that it is highly vulnerable.

More plain explanation: We didn't build an open source distribution to run commerical software. That's, well, at least not the aim for a community project. Commerical software ran before because the company behind it (Adobe) wanted to have it running. It was not because we work hard to have it (of course, still some work done). It's a close-source stuff so basically we totally have no idea of what's inside that black box. It's not even built from source but from binary. So basically, the only difference between the rpm downloaded from Adobe and the one in our repository is just where it's download from. There're no superior bits in our rpm. And you can even take that we had acroread in non-oss before as a side-effect. It's simply because when SUSE Linux made the deal with Adobe, it took us into consideration and made sure the deal covers openSUSE too. or acroread didn't suppose to be here at all. So besically it's not a "take away". I'd better take it as: I used some applications misplaced and doesn't belong to me. Marguerite -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

2013/11/7 Carlos E. R. :

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Thursday, 2013-11-07 at 11:44 -0200, Luiz Fernando Ranghetti wrote:

...

Of course Carlos case is a valid case and indeed he needs acroread, but is a corner case.

All utility here (electricity, gas, water, telephone, etc) send their receipts via paper, but all of them push for the clients to switch to "electronic receipts", which mean PDF, and usually those PDFs are signed. Unless signed electronically they don't have legal value; with the signature, they are valid.

Hi, Here the receipts (banks, etc) have an autentication code [1] wich one can verify and validate on the bank itself. Regards, Luiz [1]http://paste.opensuse.org/5409202 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Thursday 07 November 2013, Carlos E. R. wrote:

On Thursday, 2013-11-07 at 11:44 -0200, Luiz Fernando Ranghetti wrote:

...

Of course Carlos case is a valid case and indeed he needs acroread, but is a corner case.

All utility here (electricity, gas, water, telephone, etc) send their receipts via paper, but all of them push for the clients to switch to "electronic receipts", which mean PDF, and usually those PDFs are signed. Unless signed electronically they don't have legal value; with the signature, they are valid.

Only acroread supports signature verification. I have tried the same receipt on okular and evince, and they don't even say there is a signature.

(interestingly, the receipt was generated not by adobe software, but by 3-Heights(TM) PDF Producer)

The other feature is PDF XFA form filling. None of the available open source programs fully support forms. You need acroread to at least compare and see if the alternatives are good enough or not, per case. These forms may contain javascript code.

Seriously, have you tried google-chrome's built-in pdf viewer yet? This is one of the closed source parts of chrome and I could imagine that it's less broken than okular, evince and friends. Moreover could be that many pdf creaters have tested their pdfs with chrome because it has so widely useed and the build-in viewer is enabled by default. cu, Rudi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 2013-11-07 at 21:13 +0100, Ruediger Meier wrote:

However if you ever complain at your gas company you could say you have tried google-chrome. That may sound more reasonable for them as xpdf or evince :)

Their answer: use acrobat on Windows, as everybody. It is your stupid fault for using... what did you say, linws? What on earth is that? Never heard of it. Use Windows, that's what we test. Don't be stupid. Or words to that effect. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ8PhQACgkQtTMYHG2NR9UZygCdFH4jNuya78uAIdIxfzMyVFfZ hBEAnixXg7vxe9G6ZNo8/YGXmW6VhEiw =7ynt -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2013-11-08 at 04:22 +0100, Jan Engelhardt wrote:

On Friday 2013-11-08 02:27, Carlos E. R. wrote:

...

Their answer: use acrobat on Windows, as everybody. It is your stupid fault for using... what did you say, linws?

Just name Android for a change — they cannot excuse themselves from that ;)

I don't know if you can view PDFs with certificates in Android, and I would never try, anyway. No privacy guaranteed. I bought an Android phone before realising the privacy concerns, because they told me that was the IN brand of smart phone to have. You can handle banking from android, too. I'm not keen on trying. Actually, some of my goverment agencies do create software for android. I have one gadget informing me of road conditions and warnings like snow storm road blocks. Useful. No privacy concern, I think. I guess. Dunno. Sigh... - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ84vcACgkQtTMYHG2NR9UREgCgiRiN1Hntse4gO6U8LlMNQhu3 SlEAoJZPXdwlheikenbUZYAKVkJiEo66 =Dk7R -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 2013-11-07 at 22:12 +0100, Hans Witvliet wrote:

D) in the beginning of this thread, someone suggested running a recent version of acroread under wine.

Does not work. According to the wine people, the last version to work is number 8.

E) Worst case scenario, having to install W7, just for viewing/filling PDF's

That is what I said at the start.

Any other options????

An old version of acrobat, or Windows. Nothing else. Maybe there is a webservice to render the documents, but that has privacy concerns that maybe worse. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ8P1IACgkQtTMYHG2NR9VV9wCfYzSGkS9+QlWl11KhmAoaAnRH 9usAn37ULLBxkNgZRbdvVPm0VT2eGVzF =tN6X -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, On Nov 8 10:50 John Layt wrote (excerpt):

It's a key problem that needs investment

Investment needs money and money comes from customers who pay so that the crucial question is whether or not customers who pay are interested in a free software solution for PDF processing or if the Adobe Reader as provided by Adobe for free (for no money) is sufficient for customers who pay. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, - probably off topic (or not?) - On Nov 8 11:08 Wolfgang Rosenauer wrote (excerpt):

BTW, we will face a very similar situation with Flash soon and it'll be much more of a pain until alternatives are ready and polished enough.

Oh my God for haven's sake I am shocked what should I do my way of life breaks down how can I use the Internet how can I watch videos must I really go out and get in contact with reality or even enter a cinema... ;-) Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, On Nov 8 11:30 Wolfgang Rosenauer wrote (excerpt):

Unfortunately still by now some infrastructure WebUIs are built on Flash technology.

Fortunately all broken-by-design stuff will go where it belongs. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 11/8/2013 7:48 AM, Johannes Meixner wrote:

Hello,

On Nov 8 11:30 Wolfgang Rosenauer wrote (excerpt):

...

Unfortunately still by now some infrastructure WebUIs are built on Flash technology.

Fortunately all broken-by-design stuff will go where it belongs.

Even if your bosses paid $250,000.00 for it only last year... Hey whatever, who needs raises or jobs, as long as you don't have to worry about annoying flash. -- bkw -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2013-11-08 at 11:21 +0100, Johannes Meixner wrote:

- probably off topic (or not?) -

Yes :-)

On Nov 8 11:08 Wolfgang Rosenauer wrote (excerpt):

...

BTW, we will face a very similar situation with Flash soon and it'll be much more of a pain until alternatives are ready and polished enough.

Oh my God for haven's sake I am shocked what should I do my way of life breaks down how can I use the Internet how can I watch videos must I really go out and get in contact with reality or even enter a cinema... ;-)

Flash is not only videos. There are sites, even banks, that use flash for menus. You can not even work with them if you block flash. Yes, it is disgusting, but such are things. Yes, of course I hope they change to some other thing. The sooner the better. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ8490ACgkQtTMYHG2NR9WErwCgg32jZ3LjiMhj/2oCF1XVWqqH lI0An1DN4yr+o1aho1dfgTKkQhyzHkyU =J8ze -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2013-11-08 at 14:45 +0100, Johannes Meixner wrote:

...

There are sites, even banks, that use flash for menus. You can not even work with them if you block flash.

You do online banking with a bank (i.e. you trust it) that uses flash for its online banking web pages?

What do you expect me to do? I have to live. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ9IusACgkQtTMYHG2NR9X2fQCeMGdL5D5Qr2+vU1sJaKCTsnIw e5gAnRayLNTGcLTCXF+NJ8mKGFWYqpWJ =1cHa -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2013-11-08 at 13:09 -0500, Felix Miata wrote:

Not to expect it would do so, but ask the bank to provide you with a Windows license. It might get it to understand that embedding proprietary features in its web site causes customers to need non-free software (Windows, not Flash or Acroread) that they otherwise have no need for, or that their hardware cannot support.

In this country, Windows is gratis. That's what they tell me. Most people pirate it, anyway. And if it is not, busineses like people spending money on other busineses, so your argument doesn't buy any butter with them. Consider: if I have to phone my bank to do some operation - for instance, my credit card is stolen, so I call to cancel it - I have to call a 902 phone. These numbers pay extra, no matter if my phone plan include free calls all day everywhere in the country. These calls cost extra, and not cheap. They *love* me paying for things. You have to pay for Windows? Perfect! Wonderful" - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ9iyQACgkQtTMYHG2NR9UNcwCeOBc1ex++JyIO616kOwz2a5I/ XcUAn2J3BApEp7x+akBki1rGdlvkK2tp =SUXu -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Carlos E. R. - 18:44 8.11.13 wrote:

On Friday, 2013-11-08 at 14:45 +0100, Johannes Meixner wrote:

...

...

There are sites, even banks, that use flash for menus. You can not even work with them if you block flash.

You do online banking with a bank (i.e. you trust it) that uses flash for its online banking web pages?

What do you expect me to do? I have to live.

Offtopic as the whole thread, but I would switch the bank that requires me to do silly and potentially dangerous stuff. I don't want to loose my hard worked for money. And I already switched bank because of totally broken internet banking in past. If you are willing to go through such a loops just because they say so, installing proprietary dangerous software seems not so much different. -- Michal HRUSECKY SUSE LINUX, s.r.o. openSUSE Team Lihovarska 1060/12 PGP 0xFED656F6 19000 Praha 9 mhrusecky[at]suse.cz Czech Republic http://michal.hrusecky.net http://www.suse.cz -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 11/8/2013 5:21 AM, Johannes Meixner wrote:

Hello,

- probably off topic (or not?) -

On Nov 8 11:08 Wolfgang Rosenauer wrote (excerpt):

...

BTW, we will face a very similar situation with Flash soon and it'll be much more of a pain until alternatives are ready and polished enough.

Oh my God for haven's sake I am shocked what should I do my way of life breaks down how can I use the Internet how can I watch videos must I really go out and get in contact with reality or even enter a cinema...

Try the vmware vcenter client for managing entire vmware clusters. Requires flash and none of the flash alternatives works. And it's the only way to admin those clusters and hosts and vms and storage pools and network and firewall infrastructure. Well one other option, you could install a real install of full Windows and install a 400 meg download on that. That is a native Windows vcenter admin app. There are countless other special purpose things like that. Some built into hardware that is not updatable and/or will never see another update since the manufacturer may not even exist anymore to do it even if they did care, which they don't. It's not all cat videos. Thanks for caring. -- bkw -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2013-11-08 at 11:08 +0100, Wolfgang Rosenauer wrote:

Am 08.11.2013 10:57, schrieb Johannes Meixner:

...

On Nov 8 10:50 John Layt wrote (excerpt):

...

...

It's a key problem that needs investment

Investment needs money and money comes from customers who pay so that the crucial question is whether or not customers who pay are interested in a free software solution for PDF processing or if the Adobe Reader as provided by Adobe for free (for no money) is sufficient for customers who pay.

as Adobe stopped providing the Reader for Linux, commercial distributions have the same issue (same as free ones used for commercial purposes). Linux Desktops (not much) are in use in public service environments worldwide and in case SUSE will provide a SLED12 (no idea if that's the case) I see improvements coming at some point.

So there is hope I think but it will take some time probably and that may be a pain for some people relying on it but still the software is still available on the planet. Everyone is still free to install it.

Interestingly, several of the pdf forms and pdf receipts I get are not created with adobe software. It appears that in Windows there are alternative comercial software that do work. (one was AFPL Ghostscript - don't we have that in Linux?) Why is it that we do not have working alternatives in Linux? For both things, creation and reading?

BTW, we will face a very similar situation with Flash soon and it'll be much more of a pain until alternatives are ready and polished enough.

One push against flash, I believe, is that some of the mobile platforms (android?) do not support flash. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ85RIACgkQtTMYHG2NR9UY5QCeLz5P9ovwA5RwNhJomva4uKdc xA4An087lAoRzybOp6141Vf/ig3NcC+o =qh52 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Wolfgang Rosenauer wrote:

BTW, we will face a very similar situation with Flash soon and it'll be much more of a pain until alternatives are ready and polished enough.

It is no doubt dependent on one's situation, but speaking for myself and my company, acroread is far more important than flash. By an order of magnitude or more. -- Per Jessen, Zürich (14.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Friday 08 of November 2013 10:50:49 John Layt wrote:

F) All the distros get together and fund a project to improve poppler to the point where it meets the required needs.

Seriously, this will be an issue for all distros, and waiting on volunteer developers to find enough time to solve the really hard problems involved will never get you there. It's a key problem that needs investment and at least one of the distros needs to step up and fund a solution. Same for printing.

Perhaps focusing on mupdf would be more efficient, because it is much faster and more memory efficient, already includes more features than poppler, the company behind it is very experienced in matters of document rendering, and just lacks a proper front-end at the moment. About the latter, there exists a preliminary mupdf backend for okular.

John. Regards, Peter -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2013-11-08 at 12:51 +0200, auxsvr@gmail.com wrote:

Perhaps focusing on mupdf would be more efficient, because it is much faster and more memory efficient, already includes more features than poppler, the company behind it is very experienced in matters of document rendering, and just lacks a proper front-end at the moment. About the latter, there exists a preliminary mupdf backend for okular.

Interesting. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ85VoACgkQtTMYHG2NR9XTYQCeLm2rV32z5VnV1LpMOGup7qGr ka0An2epHfRQYDoUBGP8U5HYwdBoQzXV =YIgy -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Sat, 9 Nov 2013 19:35, Linda Walsh wrote:

On 7 November 2013 22:12, Hans Witvliet wrote:

...

Any other options????

---

Running some windows version under Wine?

Can't Wine run a fair number of programs these days?

Most of the Adobe programs (Acroread, Acrobat, Photoshop) do NOT install / run under wine. Try 'Foxit Reader' that works under wine. (incl. signatues and forms, javascript animations, sorry no button test - didn't have a pdf with buttons handy) - Yamaban. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2013-11-09 at 23:05 +0100, Marcus Meissner wrote:

...

Running some windows version under Wine?

Can't Wine run a fair number of programs these days?

I tried it, it currently does not install.

Can't say if it runs after installing.

The wine people say only version 8 installs and run completely. Version 9 partially (and for those we'd better use the Linux version, anyway). Versions X and XII, total failure. The other alternatives are virtual machines. XP needs to be at SP3 for X to work, but XP is EOL on 2014, the wikipedia says. Thus it would have to be W7, which is more expensive. Gratis alternatives, well, Android. I just installed Android 4 under vimware player, emulating a tablet. I installed Acrobat 10.6, but it is a PITA. The display is small, there are no guest tools (AFAIK), PgUp/PgDn do not work. Gestures with a mouse are complicated things... In all, acrobat in android, unless on real hardware, is barely usable. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ+7TQACgkQtTMYHG2NR9UNCQCcCndjcW/xo6guDxCycpS2lAfe HBgAniZnsf28BmpzP91owyog04DUAyCx =hsS5 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, I would also like to express my vote to keep Adobe Reader available in an openSUSE customized version! Maybe not in NON-OSS repo, but possibly in packman? Reasons: 1) Official Adobe RPM (suggested as a workaround) does not work flawlessly on openSUSE. The openSUSE RPM has specific modifications to work around problems of Adobe Reader in openSUSE (eg. suse-do-not-grab-server.so and many others). Hence the official RPM is not equivalent for users. 2) Much bigger point not mentioned before: PRINTING!! I need to print US/letter page PDFs on A4 frequently, as well as PDF presentations created by pdflatex. Non of the opensource PDF alternatives (on KDE) provide *all* of these printing features: - booklets (kde#186732, kde#248673) - subset of pages, i.e. 1,3-5,9,11-16 - scale to fit printer margins (fixed in kde 4.12?) (kde#192189) - multiple pages per sheet (in custom/different orders/orientations). All of these printing limitations originally come from the KDE4, which does simply not consider printing as important (kde#77624 unmaintained)! Fancy GUI animations and so on are way more important... Asking people to wait for KDE to catch up in terms of printing is an insult, really. It could easily take another decade! The whole printing area seems to (or was for a long time) unmaintained. Acrobat in contrast had its own printing dialog, where most of these things are available in a simple GUI. So, how about providing openSUSE customized Acrobat RPM on packman repos? On 11/07/2013 05:20 PM, Christian Boltz wrote:

Hello,

Am Donnerstag, 7. November 2013 schrieb Carlos E. R.:

...

So, what exactly are the security risks I get into by opening local PDF files (generated by reputable sources, such as governments) with acroread in Linux? Can they be avoided or limited with a good AppArmor profile?

I don't know about the exact security risks - maybe someone from the security team knows more details.

With an AppArmor profile, you can make sure that acroread only reads *.pdf files and doesn't read or modify random files on your disk. You can also forbid networking - but this doesn't sound too useful when you need to submit a form online ;-)

Anyway, I'll attach my AppArmor profile for acroread. It's not as tight as it could be (and I'll probably do some changes to it now that I know acroread won't get security updates anymore), but it's a good start. Be warned that you will need to change it - for example I'm quite sure your home directory is not /home/cb/ ;-)

Note: the profile only covers the binary, not the wrapper script.

...

If the danger is in the Firefox plugin, for instance, that can be removed with less trouble.

Indeed, just zypper rm acroread-browser-plugin

I'd strongly recommend to do that (guess who split off this subpackage, and why... ;-)

Regards,

Christian Boltz

On Fri, Nov 8, 2013 at 7:01 AM, Joschi Brauchle wrote:

Hello,

I would also like to express my vote to keep Adobe Reader available in an openSUSE customized version! Maybe not in NON-OSS repo, but possibly in packman?

Hi, guys, I would like to mention the basic design theory of Packman: 1. it's a separate project from openSUSE. eg, building packages for openSUSE project doesn't mean they're the same. 2. it's an open source project. it aims to "workaround" for open source multimedia projects that upstream warned about potential pa*ent violations. So a known commercial proprietary product isn't able to be in Packman, esp. when it needs a new redistribution promission from Adobe. The previous permission was issued to SUSE Linux and openSUSE. But not for Packman. And Packman isn't able to accquire such permission, I think. I don't know how exactly Packman is designed to be a firewall in law, but it's common sense, if you're able to receive something from a company, of course you're able to receive summon from a court too. So I think maybe a non-existent-in-law project isn't an entity for just deals. Meanwhile, as Adobe declared unmaintenance itself, of course it will not issue such permissions after that. Greetings. Marguerite -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

* Marcus Meissner [2013-11-08 11:41]:

On Fri, Nov 08, 2013 at 10:01:18AM +0800, Marguerite Su wrote:

...

On Fri, Nov 8, 2013 at 7:01 AM, Joschi Brauchle wrote:

...

Hello,

I would also like to express my vote to keep Adobe Reader available in an openSUSE customized version! Maybe not in NON-OSS repo, but possibly in packman?

Hi, guys,

I would like to mention the basic design theory of Packman:

1. it's a separate project from openSUSE. eg, building packages for openSUSE project doesn't mean they're the same. 2. it's an open source project. it aims to "workaround" for open source multimedia projects that upstream warned about potential pa*ent violations.

So a known commercial proprietary product isn't able to be in Packman, esp. when it needs a new redistribution promission from Adobe. The previous permission was issued to SUSE Linux and openSUSE. But not for Packman. And Packman isn't able to accquire such permission, I think. I don't know how exactly Packman is designed to be a firewall in law, but it's common sense, if you're able to receive something from a company, of course you're able to receive summon from a court too. So I think maybe a non-existent-in-law project isn't an entity for just deals. Meanwhile, as Adobe declared unmaintenance itself, of course it will not issue such permissions after that.

License is not a big issue for Adobe Reader.

It requires a click-through shrinkwrap license. So having a license confirmation dialog is sufficient.

No special contracts requried according to our understanding for Adobe Reader.

Huh? From the Adobe Reader Licensing Agreement: 3.3 Distribution. This license does not grant you the right to sublicense or distribute the Software. For information about obtaining the right to distribute the Software on tangible media or through an internal network or with your product or service please refer to http://www.adobe.com/go/acrobat_distribute for information about Adobe Reader; or http://www.adobe.com/go/licensing for information about the Adobe Runtimes. On http://www.adobe.com/products/reader/distribution.html you can apply for a license to distribute the reader under the following terms: 3.2 Distribution. Distributor may: [...] (c) Distribute the Software, with the exception of ARH, as a part of or with Distributor Product or Distributor Service (i) through electronic means such as electronic download --including, without limitation, electronic software download-- for example bundled in Distributor’s installer, which in turn, is downloaded through the Internet and (ii) on physical media (such as CD-ROMs, DVDs, hard disk, etc.). (d) Distribute ARH only (i) as bundled with the Distributor Product or Service and (ii) (y) through electronic means such as electronic download --including, without limitation, electronic software download-- for example bundled in Distributor's installer, which in turn, is downloaded through the Internet and (z) on physical media (such as CD-ROMs, DVDs, hard disk, etc.). In all cases the Software is to be distributed in complete form and only for purposes of complete installation and use by the end user. The Software shall not be configured or distributed for use without installation. So that would not allow the package in its current form to be distributed either, furthermore there is no legal entity behind Packman which could negotiate a custom license to distribute and even if there were this would pose a problem for mirrors. Apart from that it will not enter Packman for the same reason it was removed from openSUSE so this whole discussion is growing increasingly pointless. -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

May I ask a quick: (it may be answered elsewhere but I'm not sure as this thread has gone out of proportion) In order to save some hassle for me and my institution, I currently branched the last available version of the openSUSE RPM of Adobe Reader in OBS. I figured, as the package was available in the official openSUSE 'non-free' repos on OBS before and still is for < 13.1, this would be OK. So is it OK to branch or not? There are several other non-official repos which have it branched currently. Is a branched package in a home repo in OBS technically still being distibuted by openSUSE? Thanks for any help! On 11/08/2013 06:46 AM, Guido Berhoerster wrote:

* Marcus Meissner [2013-11-08 11:41]:

...

On Fri, Nov 08, 2013 at 10:01:18AM +0800, Marguerite Su wrote:

...

On Fri, Nov 8, 2013 at 7:01 AM, Joschi Brauchle wrote:

...

Hello,

I would also like to express my vote to keep Adobe Reader available in an openSUSE customized version! Maybe not in NON-OSS repo, but possibly in packman?

Hi, guys,

I would like to mention the basic design theory of Packman:

1. it's a separate project from openSUSE. eg, building packages for openSUSE project doesn't mean they're the same. 2. it's an open source project. it aims to "workaround" for open source multimedia projects that upstream warned about potential pa*ent violations.

So a known commercial proprietary product isn't able to be in Packman, esp. when it needs a new redistribution promission from Adobe. The previous permission was issued to SUSE Linux and openSUSE. But not for Packman. And Packman isn't able to accquire such permission, I think. I don't know how exactly Packman is designed to be a firewall in law, but it's common sense, if you're able to receive something from a company, of course you're able to receive summon from a court too. So I think maybe a non-existent-in-law project isn't an entity for just deals. Meanwhile, as Adobe declared unmaintenance itself, of course it will not issue such permissions after that.

License is not a big issue for Adobe Reader.

It requires a click-through shrinkwrap license. So having a license confirmation dialog is sufficient.

No special contracts requried according to our understanding for Adobe Reader.

Huh? From the Adobe Reader Licensing Agreement:

3.3 Distribution. This license does not grant you the right to sublicense or distribute the Software. For information about obtaining the right to distribute the Software on tangible media or through an internal network or with your product or service please refer to http://www.adobe.com/go/acrobat_distribute for information about Adobe Reader; or http://www.adobe.com/go/licensing for information about the Adobe Runtimes.

On http://www.adobe.com/products/reader/distribution.html you can apply for a license to distribute the reader under the following terms:

3.2 Distribution. Distributor may:

[...]

(c) Distribute the Software, with the exception of ARH, as a part of or with Distributor Product or Distributor Service (i) through electronic means such as electronic download --including, without limitation, electronic software download-- for example bundled in Distributor’s installer, which in turn, is downloaded through the Internet and (ii) on physical media (such as CD-ROMs, DVDs, hard disk, etc.).

(d) Distribute ARH only (i) as bundled with the Distributor Product or Service and (ii) (y) through electronic means such as electronic download --including, without limitation, electronic software download-- for example bundled in Distributor's installer, which in turn, is downloaded through the Internet and (z) on physical media (such as CD-ROMs, DVDs, hard disk, etc.).

In all cases the Software is to be distributed in complete form and only for purposes of complete installation and use by the end user. The Software shall not be configured or distributed for use without installation.

So that would not allow the package in its current form to be distributed either, furthermore there is no legal entity behind Packman which could negotiate a custom license to distribute and even if there were this would pose a problem for mirrors.

Apart from that it will not enter Packman for the same reason it was removed from openSUSE so this whole discussion is growing increasingly pointless.

* Joschi Brauchle [2013-11-08 19:59]:

May I ask a quick: (it may be answered elsewhere but I'm not sure as this thread has gone out of proportion)

In order to save some hassle for me and my institution, I currently branched the last available version of the openSUSE RPM of Adobe Reader in OBS.

I figured, as the package was available in the official openSUSE 'non-free' repos on OBS before and still is for < 13.1, this would be OK.

So is it OK to branch or not? There are several other non-official repos which have it branched currently. Is a branched package in a home repo in OBS technically still being distibuted by openSUSE?

Thanks for any help!

Packages under a non-OSI license are only allowed in openSUSE:*:Non-Free(:*) according to the rules* and may be deleted, so I'd just check out the package from openSUSE:12.3:NonFree:Update and build it locally for 13.1. [*] http://en.opensuse.org/openSUSE:Build_Service_application_blacklist -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Saturday 09 November 2013, Guido Berhoerster wrote:

* Joschi Brauchle [2013-11-08 19:59]:

...

May I ask a quick: (it may be answered elsewhere but I'm not sure as this thread has gone out of proportion)

In order to save some hassle for me and my institution, I currently branched the last available version of the openSUSE RPM of Adobe Reader in OBS.

I figured, as the package was available in the official openSUSE 'non-free' repos on OBS before and still is for < 13.1, this would be OK.

So is it OK to branch or not? There are several other non-official repos which have it branched currently. Is a branched package in a home repo in OBS technically still being distibuted by openSUSE?

Thanks for any help!

Packages under a non-OSI license are only allowed in openSUSE:*:Non-Free(:*) according to the rules* and may be deleted, so I'd just check out the package from openSUSE:12.3:NonFree:Update and build it locally for 13.1.

Can't you simply use the 12.3 package? What is the benefit of rebuilding a package with binary-only sources? cu, Rudi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 2013-11-07 at 23:20 +0100, Christian Boltz wrote:

Am Donnerstag, 7. November 2013 schrieb Carlos E. R.:

...

So, what exactly are the security risks I get into by opening local PDF files (generated by reputable sources, such as governments) with acroread in Linux? Can they be avoided or limited with a good AppArmor profile?

I don't know about the exact security risks - maybe someone from the security team knows more details.

With an AppArmor profile, you can make sure that acroread only reads *.pdf files and doesn't read or modify random files on your disk. You can also forbid networking - but this doesn't sound too useful when you need to submit a form online ;-)

No, I don't need to submit forms online. That only works, AFAIK, on intranets. It needs a special adobe server and probably only works on the Windows version. I've never had the chance to try, anyway. In fact, when I remember, I activate a firewall trick to block acroread from communicating on internet.

Anyway, I'll attach my AppArmor profile for acroread. It's not as tight as it could be (and I'll probably do some changes to it now that I know acroread won't get security updates anymore), but it's a good start. Be warned that you will need to change it - for example I'm quite sure your home directory is not /home/cb/ ;-)

It is a start, thanks. Now that I think, the yast apparmour wizard has disappeared, so it is more difficult to adjust profiles.

Note: the profile only covers the binary, not the wrapper script.

Which is that?

...

If the danger is in the Firefox plugin, for instance, that can be removed with less trouble.

Indeed, just zypper rm acroread-browser-plugin

I'd strongly recommend to do that (guess who split off this subpackage, and why... ;-)

No idea... But I already removed it some hours ago. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ8QXgACgkQtTMYHG2NR9WWlwCeOPRgR2iWs/UNnipezaGqkyHg uMUAnAxJeCOkoqVOqL0YvjOuDZt/Nzbs =l6bc -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2013-11-08 at 13:41 +0100, Christian Boltz wrote:

...

Now that I think, the yast apparmour wizard has disappeared, so it is more difficult to adjust profiles.

Hmm, I didn't check the YaST module for a long time (I never use it), but the changelog says you are right:

* Mo Aug 19 2013 jreidinger@suse.com - fix broken dialog in edit profiles - drop reporting and profile generation tools (FATE#308684,308683)

Needless to say that both FATE entries are non-public :-( which means I don't know any details why this was done. The only thing I know is that the changelog entry is partly wrong - the "reporting" part was already disabled in 2011 because of upstream changes.

In the remaining part, I even found a crash :-( (-> bug 849571)

Mmm.

That said - you don't need YaST to update the profiles ;-) - the commandline tools work as good as always.

To update an existing profile, run aa-logprof It will ask you in the same way YaST did, the only difference is that you need to use your keyboard instead of your mouse ;-)

I'll try... never used those, as far as I remember.

New profiles can be created with aa-genprof.

...

...

Note: the profile only covers the binary, not the wrapper script.

Which is that?

That's easy to find out ;-)

# which acroread # ls -l `which acroread` (and then follow the symlink)

Ah, ok, I understand. cer@Telcontar:~> file /usr/lib/Adobe/Reader9/bin/acroread /usr/lib/Adobe/Reader9/bin/acroread: POSIX shell script, ASCII text executable I didn't realise there was a script involved. And the script is provided by openSUSE, because I see refrences to bugzillas in it. So, in order to install adobe from "upstream", I would still need to keep the script from a previous install. :-( Hum... the script says copyright be Adobe... I don't understand.

Or just run aa-genprof acroread to create a profile ;-) Note: AFAIK the wrapper script uses LD_PRELOAD when starting the real binary, which means you should _not_ clean the environment when the binary is executed ("px" instead of "Px" in the profile)

Mmmm.

That all said: The most secure solution is of course to use a maintained PDF reader like Okular, but if you really _have to_ use acroread for some reason, it's more secure (or should I say less exploitable with an AppArmor profile.

Oh, yes. I seldom use acroread, in fact.

...

...

...

If the danger is in the Firefox plugin, for instance, that can be removed with less trouble.

Indeed, just zypper rm acroread-browser-plugin

I'd strongly recommend to do that (guess who split off this subpackage, and why... ;-)

No idea...

You can blame me for the subpackage ;-)

:-) - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ86GEACgkQtTMYHG2NR9XRzwCfdUWSFUBdgfO1deRRrhufHN0f oG8An1opSXtIIl0Be6tqMDip9iYYx1KK =QMYA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Fri, Nov 8, 2013 at 6:20 AM, Christian Boltz wrote:

I don't know about the exact security risks - maybe someone from the security team knows more details.

With an AppArmor profile, you can make sure that acroread only reads *.pdf files and doesn't read or modify random files on your disk. You can also forbid networking - but this doesn't sound too useful when you need to submit a form online ;-)

Anyway, I'll attach my AppArmor profile for acroread. It's not as tight as it could be (and I'll probably do some changes to it now that I know acroread won't get security updates anymore), but it's a good start. Be warned that you will need to change it - for example I'm quite sure your home directory is not /home/cb/ ;-)

Note: the profile only covers the binary, not the wrapper script.

Security flaws are not judged by whether there're workarounds... You can have a entry on Release Note mention: ha, something doesn't work...here's how to get it work. But you can't say: ha...we are potential targets for...well here's how... It'll mean: we're insecure by default...that's crazy and insane...of course almost 90% of network tools' security flaws can be "fixed" by disconnection from network...I don't wanna look like a troll but that's an extreme example... And I don't think a public hearing on a puclic mailing list for explanations of what those security flaws are or where they're is a _good_ idea...maybe we can open a _close_ security bug report? Marguerite -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Thursday 07 November 2013, Bernhard Voelker wrote:

...

On November 7, 2013 at 2:31 PM Per Jessen wrote: I think we ought to keep acroread in the distro simply because it's about usability.  The current suggestions:

Usability ... hmm, well, my first concern is security. If someone trusts the unmaintained stuff, then he/she should install it.

...

a) download it from adobe yourself b) use something else

c) if someone is really interested, why doesn't he maintain his own version in OBS?

I guess this is not possible because of the License. I had tried this for flash plugin one time and got delete requests by self-proclaimed OBS policemen. BTW the reason why I had to build flash was similar. Security had removed the 64bit version just because it was slightly older than the 32bit one. Then zypper patch tried to install the 32bit one and this was a real mess of my 64bit-only installation.

...

are not good enough.  If (a) was a real solution, why are we building building a distro at all.  (b) is not a solution because there is no 100% replacement for acroread.

By removing acroread, we are sacrificing critical usability because of a rule about unmaintained software.  I suggest we reconsider and wait until the alternatives have caught up.  Once we have a mature plug-compatible alternative, we can remove acroread.

Now, as there have been many complaints about okular and other replacements here on this list: honestly, does anyone have opened a bug for it? ... hmm, I guess no, and so will it be until users are starting to use other things than acroread ... and they won't start until that package is removed.

BTW: what are other distros doing?

cu, Rudi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 2013-11-07 at 19:21 +0100, Per Jessen wrote:

...

Now, as there have been many complaints about okular and other replacements here on this list: honestly, does anyone have opened a bug for it?

Let's not open that can of worms. People have probably looked at okular then installed acroread. Problem solved. I use acroread because I need some assurance that whatever PDF's I produce will look correct/appropriate in the tool used by my customers.

Same here. I did report problems with forms (and other issues) time ago, till I got tired. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ76uEACgkQtTMYHG2NR9UTeQCeJW8xB5thtyLSsTh1E8HrX29i UakAn3oe87TdVZHlNo/exLlXcMwgqkLy =iwx0 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, On Nov 7 15:07 Richard Brown wrote (excerpt):

I've used openSUSE as my main OS for many years now. Until this thread about the removal of acroread, I didn't even know we had Acrobad Reader available in the distribution

evince has proven more than satisfactory for all of the online/semi online/offline PDF forms I've had to deal with, which coincidentally been quite a few in the last weeks. Form filling, saving, printing, all fine.

Lucky you! Perhaps even most users never need the Adobe Reader. But there is a constant (relatively low) level of incoming bugs where printing some PDFs fails and then usually printing that PDFs from the Adobe Reader works. See the "Background information" in https://bugzilla.novell.com/show_bug.cgi?id=838487#c7 The latest issue is https://bugzilla.novell.com/show_bug.cgi?id=848493 FYI: Personally I do not care if openSUSE povides this or that kind of non-free software - personally I could help myself. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Richard Brown wrote:

So, for pure reasons of sanity, can we please stop spawning new threads about acroread?

I created a new thread precisely for sanity. The original thread morphed into something else.

If there is anything more to be discussed on the topic, and I think that's questionable, then I would recommend the 'No more acroread?' thread.

Surely you meant the "Requesting people to test RC1 of RC2 or whatever" thread. -- Per Jessen, Zürich (13.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Btw. I tested the newest adobe reader with wine. The installer hangs, I extracted the content of the *exe and ran AcroRd32 which worked so the GUI is ok but actually I did not manage to open a .pdf with it, I get an error which I suspect is because I skipped the installation. But there is another free windows pdf reader called foxit which does all that (signing, printing, all the forms). Just tried it. Download, install, start, editing pdf. No problem with wine. 2013/11/8 Michal Hrusecky :

Brian K. White - 21:03 7.11.13 wrote:

...

On 11/7/2013 8:31 AM, Per Jessen wrote:

...

I think we ought to keep acroread in the distro simply because it's about usability. The current suggestions:

a) download it from adobe yourself b) use something else

are not good enough. If (a) was a real solution, why are we building building a distro at all. (b) is not a solution because there is no 100% replacement for acroread.

By removing acroread, we are sacrificing critical usability because of a rule about unmaintained software. I suggest we reconsider and wait until the alternatives have caught up. Once we have a mature plug-compatible alternative, we can remove acroread.

package up a download-and-install-the-fly script

surely acroread is no more unmaintained than microsoft true type fonts from 15 years ago?

But software that renders them is maintained ;-)

-- Michal HRUSECKY SUSE LINUX, s.r.o. openSUSE Team Lihovarska 1060/12 PGP 0xFED656F6 19000 Praha 9 mhrusecky[at]suse.cz Czech Republic http://michal.hrusecky.net http://www.suse.cz -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2013-11-08 at 13:03 +0100, Michal Vyskocil wrote:

On Fri, Nov 08, 2013 at 08:09:03AM +0000, Damian Ivanov wrote:

...

But there is another free windows pdf reader called foxit which does all that (signing, printing, all the forms). Just tried it. Download, install, start, editing pdf. No problem with wine.

I tested it. Signature check fails. Dunno if something is missing or faulty, or simply does not work in Wine.

Thanks for beeing constructive. Would you mind to create some wiki page, which can contain all those information regarding PDF readers (incl wine section)?

It has been created: http://en.opensuse.org/Adobe_Reader - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlKEKnUACgkQtTMYHG2NR9U9mwCfSOvEwQQ68Ym1Zonirr/v6Aiy UrwAn2SsgYK9jTBIQO/ruOprajfeU/ra =WaEd -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Wed, Nov 13, 2013 at 10:59 PM, Yamaban wrote:

On Thu, 14 Nov 2013 02:42, Carlos E. R. wrote:

...

On Friday, 2013-11-08 at 13:03 +0100, Michal Vyskocil wrote:

...

On Fri, Nov 08, 2013 at 08:09:03AM +0000, Damian Ivanov wrote:

...

...

But there is another free windows pdf reader called foxit which does all that (signing, printing, all the forms). Just tried it. Download, install, start, editing pdf. No problem with wine.

I tested it. Signature check fails. Dunno if something is missing or faulty, or simply does not work in Wine.

Hmmm, poking around there, it seems that FoxIt tries to use the Mircosoft Windows provided "Signature-Store", which is NOT available in wine.

Background: MS-Windows provides a OS managed certification framework, some apps use that, some provide their own.

E.g. Mozilla products bring and use their own, Apple products use the OS (MS-Win or OS-X / IOS ) provided framework.

That's my guess based on the api-calls I've traced.

I guess wine could and should provide the store. That's a bug report/feature request/patch waiting to happen. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Wed, Nov 13, 2013 at 11:59 PM, Yamaban wrote:

Uh-uh that's a no-no! Big BAD can of worms! A small soft firm (microsoft) will send their lawers to happily and readily roast you over coals if you try to touch their "Signature-Store" technology.

What wine could do would be presenting a api that redirects / rewrites the calls to openssl / or similar cert-proving software available in the underlaying system.

So, it's no bug, but a non-implemented feature due to legal concerns and no direct need so far.

I don't see how certificate store API would be any legally gray-er than the rest of windows ABI, but I'm no lawyer. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Dne Pá 8. listopadu 2013 14:37:19, Carlos E. R. napsal(a):

On Friday, 2013-11-08 at 11:43 +0100, Michal Hrusecky wrote:

...

as said few times in thread already, Acrobat is not coming back, can we stop this flame now? Or take it to Adobe ;-)

Wasn't this a community? Or is it a dictatorship? :-?

-- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar)

Carlos, this is definitely community driven technical channel. But as I say it is technical one, you are not supposed to start vote about You are supposed to use this list for these tasks: 1) announce major changes in components (yast move to ruby, etc) 2) query about technical issues you are uncertain of (if they are relevant for whole distro not just for some part, where you should ask the team there directly) 3) discussion about technical proposals (eg change of process how to store spec files) I don't see your complaining about acroread being up par at all, you are actually just wasting time of numerous people that have to go over your mails to get to the relevant ones. There were few quite constructive in the whole thread, proposal of mupdf and some testing with wine/etc. which should be afterwards moved to wiki and no longer be discussed here. So please take your time to think of your actions and realise we have to read this in order to be able to react to relevant mails. I know coolo gave up on this list and just blatanly ignores some people, but I honestly think we should have less chit-chat like this around and more up-par list where people could subscribe to see only the problems of importance. Cheers Tom

Dne Pá 8. listopadu 2013 16:33:36, Per Jessen napsal(a):

Where do you suggest we go to discuss e.g. policy and distro content? This is currently the best suited list, imho.

But you are NOT discussing policies. You are whining about removal of one particular package. Which was removed in accordance of all the security rules and with blessing from release team. Don't know how more by the book change you want to have. If you want to change/discuss the security policy you are more than welcome to do so, but I guess it won't have much chance for approval as the current one is really sensible. If you just feel offended about the fact we removed your favorite and popular application after the vendor stopped providing support for it then I suggest you bring it forward to the vendor of the named software. Cheers Tom

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2013-11-08 at 16:58 +0100, Per Jessen wrote:

...

You are whining about removal of one particular package.

Please be civil. I simply made a proposal to focus on usability for our users. Personally I have no issue with downloading directly from Adobe (as long as it lasts) and tightening my environment with apparmor.

I agree.

...

If you just feel offended about the fact we removed your favorite and popular application after the vendor stopped providing support for it then I suggest you bring it forward to the vendor of the named software.

No, I am not offended, I am merely puzzled by the lack of consideration for the openSUSE user.

Me too. :-| - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ9IjMACgkQtTMYHG2NR9XMRQCgkb6pKZORt0m7KdNMl8up0ZPV jHcAmwXfSTlamMd/mLiAz1fRMy6+yI/B =oNwP -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Larry Finger wrote:

On 11/08/2013 11:41 AM, Carlos E. R. wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Friday, 2013-11-08 at 16:58 +0100, Per Jessen wrote:

...

...

You are whining about removal of one particular package.

Please be civil. I simply made a proposal to focus on usability for our users. Personally I have no issue with downloading directly from Adobe (as long as it lasts) and tightening my environment with apparmor.

I agree.

...

...

If you just feel offended about the fact we removed your favorite and popular application after the vendor stopped providing support for it then I suggest you bring it forward to the vendor of the named software.

No, I am not offended, I am merely puzzled by the lack of consideration for the openSUSE user.

Me too. :-|

I disagree. The decision is a sign of consideration for the openSUSE user. The people on this list have the necessary information for evaluating the risk and avoiding any problems like this, but can you say that for the average user? If you really want to run Adobe Reader, install any suitable flavor of Windows in a Virtual Machine, share your entire Linux disk with that VM, and boot it when you need to process a PDF that okular cannot handle.

Larry, that is just not a viable alternative for the average user to whom we should be catering. To anyone technically able, the lack of acroread will only become a problem when it is no longer available for download or no longer runs on one's distro. I can work with that for my purposes until open-source alternatives have (hopefully) matured sufficiently, but Joe Bloggs and his grandmum cannot. I am repeating myself, but I remain puzzled by the lack of consideration for the openSUSE user, average or otherwise. I sincerely hope we/openSUSE are not turning into an ivory tower. -- Per Jessen, Zürich (13.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Claudio Freire wrote:

On Fri, Nov 8, 2013 at 4:56 PM, Per Jessen wrote:

...

...

I disagree. The decision is a sign of consideration for the openSUSE user. The people on this list have the necessary information for evaluating the risk and avoiding any problems like this, but can you say that for the average user? If you really want to run Adobe Reader, install any suitable flavor of Windows in a Virtual Machine, share your entire Linux disk with that VM, and boot it when you need to process a PDF that okular cannot handle.

Larry, that is just not a viable alternative for the average user to whom we should be catering. To anyone technically able, the lack of acroread will only become a problem when it is no longer available for download or no longer runs on one's distro. I can work with that for my purposes until open-source alternatives have (hopefully) matured sufficiently, but Joe Bloggs and his grandmum cannot. I am repeating myself, but I remain puzzled by the lack of consideration for the openSUSE user, average or otherwise. I sincerely hope we/openSUSE are not turning into an ivory tower.

It's not a lack of concern, it's a lack of power.

Adobe withdrew support. It's their software, their license.

Did they withdraw the license for us/openSUSE to ship it? If we are prematurely withdrawing acroread from the distro, we are showing an utter lack of concern for our users. I presume acroread already has known security holes, but for those average users with a genuine need, surely we should let them chose their poison rather than just take it away. Just like with cigarettes and alcohol, put a big label on acroread saying "dangerous/poisonous/deprecated/unsupported". What's wrong with that?

AppArmor, or a VM even, cannot compensate insecure software. It mitigates, but it does not compensate.

Agree. I don't think anyone suggested otherwise.

So the only alternative left to OSS is the slow and painful one: build support for the missing features on the OS alternatives.

It is most unfortunate that we have not succeeded in this sofar, but it is not a reason to drop our average users in it in the deep end. IMHO. -- Per Jessen, Zürich (13.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Michal Hrusecky wrote:

Per Jessen - 21:40 8.11.13 wrote:

...

Claudio Freire wrote:

...

On Fri, Nov 8, 2013 at 4:56 PM, Per Jessen wrote:

...

...

I disagree. The decision is a sign of consideration for the openSUSE user. The people on this list have the necessary information for evaluating the risk and avoiding any problems like this, but can you say that for the average user? If you really want to run Adobe Reader, install any suitable flavor of Windows in a Virtual Machine, share your entire Linux disk with that VM, and boot it when you need to process a PDF that okular cannot handle.

Larry, that is just not a viable alternative for the average user to whom we should be catering. To anyone technically able, the lack of acroread will only become a problem when it is no longer available for download or no longer runs on one's distro. I can work with that for my purposes until open-source alternatives have (hopefully) matured sufficiently, but Joe Bloggs and his grandmum cannot. I am repeating myself, but I remain puzzled by the lack of consideration for the openSUSE user, average or otherwise. I sincerely hope we/openSUSE are not turning into an ivory tower.

It's not a lack of concern, it's a lack of power.

Adobe withdrew support. It's their software, their license.

Did they withdraw the license for us/openSUSE to ship it? If we are prematurely withdrawing acroread from the distro, we are showing an utter lack of concern for our users. I presume acroread already has known security holes, but for those average users with a genuine need, surely we should let them chose their poison rather than just take it away. Just like with cigarettes and alcohol, put a big label on acroread saying "dangerous/poisonous/deprecated/unsupported". What's wrong with that?

As repeated over and over again - unmaintained and with security holes = doesn't belong to the distro. If you don't like it and would like to have everything inside, make a proposal to change a policy to what you think is a better one (the one that includes dangerous software).

See $SUBJ. -- Per Jessen, Zürich (4.1°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Michal Hrusecky wrote:

Per Jessen - 20:12 11.11.13 wrote:

...

Michal Hrusecky wrote:

...

See $SUBJ.

Whining for policy exception for something that can't happen now anyway :-)

Will you please stop "whining" yourself. I was in no way "whining" about anything, I was making a suggestion. -- Per Jessen, Zürich (4.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 11/08/2013 02:56 PM, Per Jessen pecked at the keyboard and wrote:

Larry Finger wrote:

...

On 11/08/2013 11:41 AM, Carlos E. R. wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Friday, 2013-11-08 at 16:58 +0100, Per Jessen wrote:

...

...

You are whining about removal of one particular package.

Please be civil. I simply made a proposal to focus on usability for our users. Personally I have no issue with downloading directly from Adobe (as long as it lasts) and tightening my environment with apparmor.

I agree.

...

...

If you just feel offended about the fact we removed your favorite and popular application after the vendor stopped providing support for it then I suggest you bring it forward to the vendor of the named software.

No, I am not offended, I am merely puzzled by the lack of consideration for the openSUSE user.

Me too. :-|

I disagree. The decision is a sign of consideration for the openSUSE user. The people on this list have the necessary information for evaluating the risk and avoiding any problems like this, but can you say that for the average user? If you really want to run Adobe Reader, install any suitable flavor of Windows in a Virtual Machine, share your entire Linux disk with that VM, and boot it when you need to process a PDF that okular cannot handle.

Larry, that is just not a viable alternative for the average user to whom we should be catering. To anyone technically able, the lack of acroread will only become a problem when it is no longer available for download or no longer runs on one's distro. I can work with that for my purposes until open-source alternatives have (hopefully) matured sufficiently, but Joe Bloggs and his grandmum cannot. I am repeating myself, but I remain puzzled by the lack of consideration for the openSUSE user, average or otherwise. I sincerely hope we/openSUSE are not turning into an ivory tower.

Does Microsoft supply Acrobat Reader to it's user base? The obvious answer is no, so how do the MS users get it installed on their PC's? They install it on their own. Just be thankful the openSUSE has been providing it via a repo for a number of years. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am 09.11.2013 01:58, schrieb Carlos E. R.:

On Friday, 2013-11-08 at 17:05 -0500, Ken Schneider - openSUSE wrote:

...

Does Microsoft supply Acrobat Reader to it's user base? The obvious answer is no, so how do the MS users get it installed on their PC's? They install it on their own. Just be thankful the openSUSE has been providing it via a repo for a number of years.

There is a difference. openSUSE provides all the software as part of the distribution, like firefox, libreoffice, gimp...

All the mentioned software that we provide is open source. Adobe crap is not. We should just drop all non-free stuff finally, to make it explicitly clear that something like this bikeshedding thread will not happen again. And again, all this has nothing to do with the topics of opensuse-factory as it is completely non-technical. -- Stefan Seyfried "Mit Außerirdischen, die nicht weiter gekommen sind als Microsoft und Apple, will ich persönlich nichts zu tun haben." -- Prof. Harald Lesch -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Sun, 10 Nov 2013 06:36:24 +0400, Ilya Chernykh wrote:

I know no open source PDF reader that supports subpixel hinting. I would say, write one first, then delete the non-free one. :-(

How is that in any way a reasonable suggestion? That the openSUSE project "has" to write an OSS replacement for a proprietary piece of software that was included in the past - as a convenience to those who have come to rely on it - in order to drop it because the proprietary software company that makes it has decided not to support Linux properly? Go beat up on Adobe. It's their product, it's their closed/proprietary file format. It's not the openSUSE project's fault that Adobe decided Linux support wasn't important, and it's sure not the openSUSE project's job to fix Adobe's decision. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-ID: On Sunday, 2013-11-10 at 09:04 +0400, Andrey Borzenkov wrote:

В Sun, 10 Nov 2013 04:50:05 +0000 (UTC) Jim Henderson <> пишет:

...

Go beat up on Adobe. It's their product, it's their closed/proprietary file format.

I thought that PDF spec are public. I even have one lying somewhere around. Do you mean that it is incomplete and Adobe is using more features than it publishes?

You are correct, it is ISO 32000, So it is not a proprietary format. See http://en.wikipedia.org/wiki/Portable_Document_Format for more details. However, while it is true that adobe adds proprietary things, they in time end in the standard. The XFA forms were published in 2009, with earlier specifications (see wikipedia table), all part of that ISO standard. There is no excuse for not fully supporting the standard in Linux. :-( - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJ/k4sACgkQtTMYHG2NR9Wz5wCfaF+0JZPcM4YUNrAdDzvmmE0N xwQAni0QcloupDEyHh6Sfo7ft02R/zxF =jZwj -----END PGP SIGNATURE-----

On Sun, 10 Nov 2013 09:04:01 +0400, Andrey Borzenkov wrote:

В Sun, 10 Nov 2013 04:50:05 +0000 (UTC) Jim Henderson пишет:

...

Go beat up on Adobe. It's their product, it's their closed/proprietary file format.

I thought that PDF spec are public. I even have one lying somewhere around. Do you mean that it is incomplete and Adobe is using more features than it publishes?

If that's the case - and the full spec is in the wild, then take the problem of incomplete support to those who write PDF readers that lack the features you need. I still don't see how it's a reasonable position to state "since none of the other OSS PDF reader solutions are out there, the openSUSE project *MUST* continue to include a discontinued proprietary package or throw resources into solving a problem that applies to a small segment of users." Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Friday 08 of November 2013 16:52:10 Tomáš Chvátal wrote:

Dne Pá 8. listopadu 2013 16:33:36, Per Jessen napsal(a):

...

Where do you suggest we go to discuss e.g. policy and distro content? This is currently the best suited list, imho.

But you are NOT discussing policies.

You are whining about removal of one particular package. Which was removed in accordance of all the security rules and with blessing from release team. Don't know how more by the book change you want to have.

If you want to change/discuss the security policy you are more than welcome to do so, but I guess it won't have much chance for approval as the current one is really sensible.

Wouldn't it be more sensible for everyone if the current version of acroread is preserved bundled with an extremely restricted apparmor profile? Namely no network access, no write access in user directories apart from the settings directories, no access to shell or other executables?

Cheers

Tom

Regards, Peter -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 11/8/2013 10:52 AM, Tomáš Chvátal wrote:

Dne Pá 8. listopadu 2013 16:33:36, Per Jessen napsal(a):

...

Where do you suggest we go to discuss e.g. policy and distro content? This is currently the best suited list, imho.

But you are NOT discussing policies.

You are whining about removal of one particular package. Which was removed in accordance of all the security rules and with blessing from release team. Don't know how more by the book change you want to have.

If you want to change/discuss the security policy you are more than welcome to do so, but I guess it won't have much chance for approval as the current one is really sensible.

If you just feel offended about the fact we removed your favorite and popular application after the vendor stopped providing support for it then I suggest you bring it forward to the vendor of the named software.

Cheers

Tom

You have it backwards. If you don't find this topic interesting, you should not participate in it. -- bkw -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hans Witvliet wrote:

On Fri, 2013-11-08 at 13:04 -0500, Brian K. White wrote:

<snip> He is correct in certainly one aspect: this discussion might better be done on the users-ML, instead of the __factory__ ML

The discussion concerns a yet-to-be-released version of openSUSE. Where better than here. -- Per Jessen, Zürich (13.3°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 11/8/2013 4:09 PM, Michal Hrusecky wrote:

Per Jessen - 21:41 8.11.13 wrote:

...

Hans Witvliet wrote:

...

On Fri, 2013-11-08 at 13:04 -0500, Brian K. White wrote:

<snip> He is correct in certainly one aspect: this discussion might better be done on the users-ML, instead of the __factory__ ML

The discussion concerns a yet-to-be-released version of openSUSE. Where better than here.

The discussion is far of off-topic flame and discusses how to handle weird forms that you might encounter and how people love closed source unmaintained software that nobody can fix and is known to be buggy. This is in no sense *TECHNICAL* discussion. Apart from that,

13.1 is locked as coolo announced, so 13.1 is not accepting even updates now, only maintenance updates, so no new packages now.

Since this is a factory list, not a 13.1 list, who cares what can and can't be done for 13.1 one second after 13.1 releases? But I agree the real problems/blames are: 1) Adobe ships a proprietary binary. They can do whatever they want with it, including charge, not-charge, support, not-support, drop altogether. 2) Users all buy what Adobe sells and don't think about the consequences. A few years go by and here we are. Given the starting conditions, it is inevitable, a guarantee, not a surprise. It doesn't matter how much we've all come to depend of something we have no control over. It's still only Adobe's fault for mistreating their users, or us users fault for putting ourselves under Adobe's control, or both. Adobe and yourself, not suse. In no way is it suse's fault for having the perfectly correct policy that you can't ship a known unsupported and physically unsupportable software, even IF they had the legal right to do so, which they most likely do NOT have anyways. The gas station near my house used to sell good gasoline, then they made a change and now sell gasoline with 10% ethanol in it, which is bad for my cars engines and gives less mpg and attracts water and causes sludge over time and attacks rubber parts over time etc etc. I hate it. But it would be stupid to yell at the gas station owner for changing their product and selling me a bad product. The government made a law that all gas everywhere must include at least 10% ethanol. The fault is the governments, the various big companies that instigated this change to make money, and all the people's for allowing the government to do it. -- bkw -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am 14.11.2013 22:02, schrieb Per Jessen:

If you believe the discussion to be off-topic, I suggest you be more constructive and suggest to whom people should address their grievances in this respect.

It has been stated many times in this thread that people need to go to Adobe with their complaints. In case it was too small to read for you, I'll have figlet spell it out bigger: _ _ _ / \ __| | ___ | |__ ___ / _ \ / _` |/ _ \| '_ \ / _ \ / ___ \ (_| | (_) | |_) | __/ /_/ \_\__,_|\___/|_.__/ \___| -- Stefan Seyfried "If your lighter runs out of fluid or flint and stops making fire, and you can't be bothered to figure out about lighter fluid or flint, that is not Zippo's fault." -- bkw -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 2013-11-15 06:27 (GMT+0100) Jan Engelhardt composed:

...

/ \ __| | ___ | |__ ___ / _ \ / _` |/ _ \| '_ \ / _ \ / ___ \ (_| | (_) | |_) | __/ /_/ \_\__,_|\___/|_.__/ \___|

I suggest you write it in the puny HTML that they so desire, with <font size="72"><b><i><u><blink> ;)

What you might want to try is <font size="7">. :-p <font size="72"> wasn't valid even before <font> was deprecated: http://www.w3.org/TR/html401/present/graphics.html#edef-FONT I'm not sure if all current browsers will actually apply it, but I'm sure most if not all will disregard <blink>. To get puny you need one of the following: <font size="1">, <span style="font-size: 7pt">, <span style="font-size: 9px">, <span style="font-size: xx-small"> or any of several similar style rules, and hope the user doesn't know about minimum font size or zoom. :-D -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Friday 2013-11-08 14:37, Carlos E. R. wrote:

On Friday, 2013-11-08 at 11:43 +0100, Michal Hrusecky wrote:

...

as said few times in thread already, Acrobat is not coming back, can we stop this flame now? Or take it to Adobe ;-)

Wasn't this a community? Or is it a dictatorship? :-?

Playing devil's linguist: A community is a community, but a dictatorship is a system (with autocratic attributes) by which a community is governed. Take your pick from http://en.wikipedia.org/wiki/Form_of_government -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org