On 2014-01-02 07:40, Jim Henderson wrote:
> On Wed, 01 Jan 2014 22:17:51 +0000, Carlos E. R. wrote:
>> The issue is real, not a joke.
>
> I found this:
>
> http://askubuntu.com/questions/226257/how-can-i-validate-a-pdfs-digital-
> signature-with-evince
>
> Looks interesting. Maybe try building with the evince patches suggested
> on OBS and see if it works for you.
It does (look interesting). I’ll wait. 
They say:
+++····························
So, you can experiment with the github development code if you wish, but it may not be a good idea
to patch poppler as other programs depend on it; however, it is likely that the digital signatures
feature will be available soon if it is integrated upstream. Judging by the evince screenshots for a
valid and invalid signature the patches do seem to be enabling just the features you are interested in.
····························+±
Meanwhile, I’ll use acroread in a jail or something.
From that post it seems that the devs are becoming aware of the problem and acting, so that’s good.
Thanks for finding it and posting it here
> I understand the issue is real for you and not a joke, but at the same
> time, I wonder why one would do business with someone who’s not honest
> enough to provide correct invoices.
As signed PDFs are a legally binding documentation in Spain, everybody is using them. That Linux
does not support those is of no consequence to people, as Windows is the de facto standard. It is my
fault for using experimental and unfinished and unprofessional software such as Linux.
That’s what they say, obviously, not me. But they have a point.
I have no choice, in any case.
> I submit unsigned invoices to my project coordinator/employer, and she
> pays them no problem. Probably because she wouldn’t do business with me
> if she didn’t trust me to be accurate in my reporting of the work I’ve
> done and the time it took.
>
> It strikes me, though, that if the source might falsify the content and
> digitally sign it, the digital signature is still going to be valid. So
> I’m not sure even after all the explanations you’ve given in various
> community areas what exactly the problem is that you’re having here.
No, the source would not falsify the documentation. I’m thinking of a man in the middle type of
attack. And the fact that the legal validity of documentation is broken on my end.
> I mean, if it’s a potential for someone to send you a fake invoice to be
> paid under someone else’s name, it seems trivial to get in touch with a
> representative of the organization that’s named on the invoice to get
> verification and documentation based on the invoice number.
In theory, yes
In reality, I just boot up Windows and check the document there.
Sigh.
See, there are several proprietary and very used software pieces that are abandoning the Linux camp.
Why? Flash, Acroread… Are they an attempt to force stop collaboration between the Windows and Free
camps, limited as it were?
(Yes, flash is evil. But it is needed).
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Elessar))