Dealing with Signature Shadow PDF "vulnerability"

Albert Astals Cid aacid at kde.org
Tue Aug 4 23:37:57 BST 2020


El dimarts, 4 d’agost de 2020, a les 12:52:39 CEST, David Hurka va escriure:
> > > 1) Okular is provided AS IS and WITHOUT WARRANTY, right?
> > 
> > I'm confused as to why you brought this up.
> > 
> > Are we going to answer "Okular is provided AS IS and WITHOUT WARRANTY,
> > right?" to all the bugs we have in bugzilla and close them?
> 
> I don’t think that would be nice, and not the purpose of a bug tracker.
> 
> I thought about whether Okular could be made responsible for such close-to-
> legal issues, and how much we should care about this. You are probably right, 
> this sentence wasn’t exactly appropriate. Sorry.

It's not a legal issue, it's a bug, we're telling people wrong information that may mislead them.

> 
> > please if you have access to non tech people, do the same.
> 
> Ok.

So I explained the issue to my mother and first she said "there have been changes to the document since signed" made more sense because "the old signed version was gone". Then I explained her that no, actually the old version is still also available inside the file and she said "oh well, then mentioning the revision thing is probably more accurate, but would still confuse people like me that didn't know the old version was available".

For a sample size of 1, the "there have been changes to the document since signed" (or better worded) wins by a slight margin.

Cheers,
  Albert




More information about the Okular-devel mailing list