martin f krafft <[EMAIL PROTECTED]> wrote: > also sprach Frank KÃster <[EMAIL PROTECTED]> [2005.02.11.1332 +0100]: >> But you cannot include pdf files for which no source is included, >> or only Micro$oft .doc files, in a Debian package: We need the >> source code, and pdf, even if not compressed, cannot be taken as >> source code. > > This is debateable. PDF is basically PS, and PS is source code. > > So why not > > pdf2ps thefile.pdf > > ship the PS and build the PDF from it?
This is not really true. PS is a full-fledged programming language. PDF is not. They are very different from each other at a fundamental level, though they do share the same basic imaging model and page markup operators. Converting PS to PDF involves actually evaluating it and generating page marking operators with specific details hard-coded in. For example, you could write a postscript program that would behave differently depending on the paper size. You can't do this with PDF. You can't simply embed shell commands into a PDF file like you can into a PostScript file. The programming language features of PDF are limited to some small amount of arithmetical function evaluation. PDF doesn't even have a true operator stack like PostScript does. That isn't to say that it is impossible to create a security hole through a PDF file, but it's more comparable to html in that respect than to PostScript. In other words, you could include a malicious link or put invalid PDF data that would exploit a security hole in a specific PDF viewer, but you can't actually embed malicious code. -- Jay Berkenbilt <[EMAIL PROTECTED]>
