Mailinglist Archive: opensuse-factory (1029 mails)

< Previous Next >
Re: [opensuse-factory] Let's keep acroread for pure reasons of usability.
On Thu, 2013-11-07 at 20:24 +0100, Carlos E. R. wrote:

On Thursday, 2013-11-07 at 11:44 -0200, Luiz Fernando Ranghetti wrote:

Of course Carlos case is a valid case and indeed he needs acroread, but is
a corner case.

All utility here (electricity, gas, water, telephone, etc) send their
receipts via paper, but all of them push for the clients to switch to
"electronic receipts", which mean PDF, and usually those PDFs are signed.
Unless signed electronically they don't have legal value; with the
signature, they are valid.

Only acroread supports signature verification. I have tried the same
receipt on okular and evince, and they don't even say there is a
signature.

(interestingly, the receipt was generated not by adobe software,
but by 3-Heights(TM) PDF Producer)

The other feature is PDF XFA form filling. None of the available open
source programs fully support forms. You need acroread to at least compare
and see if the alternatives are good enough or not, per case. These forms
may contain javascript code.

(interestingly, one of the samples posted here was produced by AFPL
Ghostscript 8.53, not adobe)


Those are two cases that require adobe software, and they affect many
users. In Windows I understand there are alternatives, but not in Linux.
Acroread in Wine does not work, except version 8 (according to wine docs),
and that is as bad as directly using Linux version number 8 or 9. Many
Linux users have also Windows machines, but I try to avoid booting to
Windows as much as I can.

It can be argued that there may be other methods to generate such forms
and signed document with open means. Perhaps. However, those
organizations, many of them, have chosen PDF, even if they don't use
adobe software to generate them. Surely they have explored the market to
find out what is available, thus also surely PDF is the best out there.

Previously I thought that Adobe had sold their product very well, but
finding out that the PDFs are often generated by alternate software, that
is no longer the explanation.


So, what exactly are the security risks I get into by opening local PDF
files (generated by reputable sources, such as governments) with acroread
in Linux? Can they be avoided or limited with a good AppArmor profile?

If the danger is in the Firefox plugin, for instance, that can be removed
with less trouble.


So, for some simple pdf okular & Co are apparently good enough.

But as Carlos wrote, it isn't working for more complicated ones.
Counting options....
A) Obviously keeping acroread forever isn't an option
B) keeping it for now is just postponing the inevitable
C) telling people, that if they want, they can install an ancient
version of acroread is just as bad as A)

D) in the beginning of this thread, someone suggested running a recent
version of acroread under wine.
-> When doing such thing, doesn't that involve any security risks? <-
-> What is the chance of providing this for the "default end-user" <-
-> Would it be allowed (if even possible) to create such a
nested&foreign package <-

E) Worst case scenario, having to install W7, just for viewing/filling
PDF's


Any other options????

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups