On 12/15/25 21:01, Hans Hagen via ntg-context wrote: > On 12/15/2025 8:11 PM, Pablo Rodriguez via ntg-context wrote: >> [...] >> I have a patch for `lpdf-fld.lmt` which fixes this, but it requires >> fixing `poppler` (and probably any other software) first. > > This parent / child stuff has always been a mess: fix this, break that.
Many thanks for your reply, Hans. Our field parent and widget child is wrong (especially with signatures) because we have mixed dictionaries: a signature parent that also contains widget entries in the same object and a widget child that also has signature entries. Sorry, but I’m afraid this cannot work and this is why “Acrobat Reader” merges both dictionaries into a single one. With signatures (especially), there are two options, a single dictionary, or the parent has to be a pure field dictionary (no widget entries) and the child has to be a pure widget dictionary (no field entries). Also our signature fields add both a default value (I think it makes no sense in a signature) and a value (which I think it should be added when signing only). > A waste of time. Anyway, I have no 'full acrobat' to test and actually > try to avoid the reader with its aggressive 'ai wants to help making a > summary' kind of crap as well as the ever changing interfaces. I only have access to “Acrobat Reader”, no interest in any full version. I only use “Acrobat” to check signatures and `/GoToE` actions (link to embedded PDF documents) and nothing more. The forced “AI-help” is also really annoying for me. BTW, I’m doing all this testing to ensure “Acrobat” compatibility. Let me do all the work here and I will provide a patch. I’m going to waste my time here. “Acrobat” will be working fine and at least `poppler` (“Okular“ and “Evince”) will be able to use our signature fields. > Signing is dubious anyway with the necessity to use expensive tools > (because one can't use the free-ish web certificates) At least in Spain, our official IDs contain a pair of certificates (one for authentication and another for signatures, https://en.wikipedia.org/wiki/National_Identity_Card_(Spain)) and FNMT (the Spanish Royal Mint) provides free certificates for natural persons. As a general rule, I think that Article 5a.5.g of Regulation EU/910/2014 (http://data.europa.eu/eli/reg/2014/910/2024-10-18#art_5a) may require that: offer all natural persons the ability to sign by means of qualified electronic signatures by default and free of charge. In any case, signing with testing / self-made certificates is a good way to check whether a PDF document has been modified at all (by regular programs [such as SharePoint] or “helping AI”). > and (last time i checked) hard coded root keys in viewers. I don’t know that these root keys are. If they are root certificates, leaf/user certificates are signed in chain, so root certificates need to be there to verify the certificate chain (from a trusted CA). In the European Union, we have the EU Trust List (as defined by Regulation EU/910/2014. “Acrobat Reader” includes all root and intermediate certificates and this is really helpful. The EUTL helps to know whether an electronic signature is legally binding or not (since the signer’s identity has been verified by a trusted CA). Once I have checked all, I only ask you to include the patch for signature fields I will eventually send (if it’s ok, of course). Many thanks for your help, Pablo ___________________________________________________________________________________ If your question is of interest to others as well, please add an entry to the Wiki! maillist : [email protected] / https://mailman.ntg.nl/mailman3/lists/ntg-context.ntg.nl webpage : https://www.pragma-ade.nl / https://context.aanhet.net (mirror) archive : https://github.com/contextgarden/context wiki : https://wiki.contextgarden.net ___________________________________________________________________________________
