touch-packages team mailing list archive

Thread
Date

[Bug 740506]

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Adrian Johnson <ajohnson@xxxxxxxxxxx>
Date: Wed, 28 Oct 2015 10:35:16 -0000
Reply-to: Bug 740506 <740506@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

(In reply to Andre Guerreiro from comment #97)
> Quoting from ISO 32000-1 section 12.8.1: 
> "This range should be the entire file, including the signature dictionary
> but excluding the signature value itself (the Contents entry). Other ranges
> may be used but since they do not check for all changes to the document,
> their use is not recommended."

This advice is for PDF producers. As a PDF consumer we should accept
PDFs that don't follow this advice.

https://en.wikipedia.org/wiki/Robustness_principle

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/740506

Title:
  verify digital signatures

Status in Evince:
  Confirmed
Status in Poppler:
  Confirmed
Status in poppler package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: evince

  This is a feature request to verify digital signatures.  I'm receiving more and more digitally signed PDF's and evince already acknowledges them with:
  Signature Not Verified
  Digitally signed by <signer>
  Date:  <time stamp>
  Reason: <reason>
  Location: <location>
  but it would be great if Evince would be integrated into the distro's ca-certificate infrastructure to verify these signatures.

To manage notifications about this bug go to:
https://bugs.launchpad.net/evince/+bug/740506/+subscriptions