(In reply to Adrian Johnson from comment #80)
> (In reply to Albert Astals Cid from comment #70)
> > For the pdfsigverify it seems we kind of agreeed on the compromise to call
> > it pdfsig that only does verification right now but in the future may
> > suppport signing?
>
> This is the only thing left that I think needs fixing before the initial
> release. A couple of questions:
>
> - Given that we want to keep the option open for using pdfsig to perform
> other signature operations, should the default behavior when only a pdf file
> is specified be to verify the signature? Or should we just indicate whether
> the pdf is signed and use an option to enable verification?
I think defaulting to verification makes sense as the "non destructive thing to do".
> - Is '-c' the best option name for "don't perform certificate validation"?
Honestly i don't think spending much time on discussing the option name makes much sense, we just need to document it properly and that's it.
(In reply to Adrian Johnson from comment #80)
> (In reply to Albert Astals Cid from comment #70)
> > For the pdfsigverify it seems we kind of agreeed on the compromise to call
> > it pdfsig that only does verification right now but in the future may
> > suppport signing?
>
> This is the only thing left that I think needs fixing before the initial
> release. A couple of questions:
>
> - Given that we want to keep the option open for using pdfsig to perform
> other signature operations, should the default behavior when only a pdf file
> is specified be to verify the signature? Or should we just indicate whether
> the pdf is signed and use an option to enable verification?
I think defaulting to verification makes sense as the "non destructive thing to do".
> - Is '-c' the best option name for "don't perform certificate validation"?
Honestly i don't think spending much time on discussing the option name makes much sense, we just need to document it properly and that's it.
>
> We also need a man page.
Yep.