
Re: pdf files in upstream tarball and -doc package



martin f krafft <madduck@debian.org> wrote:

> also sprach Frank Küster <frank@debian.org> [2005.02.11.1332 +0100]:
>> But you cannot include pdf files for which no source is included,
>> or only Micro$oft .doc files, in a Debian package: We need the
>> source code, and pdf, even if not compressed, cannot be taken as
>> source code.
>
> This is debatable. PDF is basically PS, and PS is source code.
>
> So why not
>
>   pdf2ps thefile.pdf
>
> ship the PS and build the PDF from it?

This is not really true.  PS is a full-fledged programming language.
PDF is not.  They are very different from each other at a fundamental
level, though they do share the same basic imaging model and page
markup operators.  Converting PS to PDF involves actually evaluating
it and generating page marking operators with specific details
hard-coded in.  For example, you could write a PostScript program that
would behave differently depending on the paper size.  You can't do
this with PDF.  You can't simply embed shell commands into a PDF file
like you can into a PostScript file.  The programming language
features of PDF are limited to some small amount of arithmetical
function evaluation.  PDF doesn't even have a true operator stack like
PostScript does.

That isn't to say that it is impossible to create a security hole
through a PDF file, but it's more comparable to HTML in that respect
than to PostScript.  In other words, you could include a malicious
link or put invalid PDF data that would exploit a security hole in a
specific PDF viewer, but you can't actually embed malicious code.

-- 
Jay Berkenbilt <ejb@ql.org>
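
Added example, not part of the message above: a small Python triage scanner for the property the message describes, that a PostScript file is a program which can reach the file system. The function names, the operator list and the samples are constructed for illustration; `%pipe%` is a Ghostscript-specific device name that the thread does not mention.

```python
# Standard PostScript operators that open, run, delete or enumerate files.
RISKY_OPERATORS = {"file", "run", "deletefile", "renamefile", "filenameforall"}
DELIMS = "()[]{}<>/%"

def tokenize(ps):
    """Yield (kind, text) for names and (string) literals, skipping % comments."""
    i, n = 0, len(ps)
    while i < n:
        c = ps[i]
        if c == "%":                      # comment: runs to end of line
            while i < n and ps[i] not in "\r\n":
                i += 1
        elif c == "(":                    # string literal; parentheses nest
            depth, start = 1, i + 1
            i += 1
            while i < n and depth:
                if ps[i] == "\\":
                    i += 1                # skip the escaped character
                elif ps[i] == "(":
                    depth += 1
                elif ps[i] == ")":
                    depth -= 1
                i += 1
            yield "string", ps[start:i - 1]
        elif c.isspace() or c in DELIMS:  # "/" is dropped, so /run is seen as run
            i += 1
        else:
            start = i
            while i < n and not ps[i].isspace() and ps[i] not in DELIMS:
                i += 1
            yield "name", ps[start:i]

def findings(ps):
    """Heuristic: report risky operator names and Ghostscript %pipe% strings."""
    found = set()
    for kind, text in tokenize(ps):
        if kind == "name" and text in RISKY_OPERATORS:
            found.add("operator:" + text)
        elif kind == "string" and text.startswith("%pipe%"):
            found.add("pipe-device")
    return sorted(found)

# Constructed samples, not taken from the thread.
PLAIN_PAGE = """%!PS
% the words file and run appear only in a comment and a string
/Helvetica findfont 12 scalefont setfont
72 720 moveto (run the file (nested) parens) show showpage
"""
OPENS_PIPE = "%!PS\n(%pipe%echo constructed-sample) (w) file closefile\n"
```

A static scan like this is only a first pass, because a PostScript program can build operator names at run time; running Ghostscript with `-dSAFER` is the control that actually restricts file access.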


