public inbox archive for pandoc-discuss@googlegroups.com
From: Stephan Meijer <me-nPKYAObcRdo6Blr+0TYHagC/G2K4zDHf@public.gmane.org>
To: pandoc-discuss <pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
Subject: Re: Digitally Signed Outputs
Date: Tue, 9 May 2023 17:24:05 -0700 (PDT)
Message-ID: <4fffb9ee-436c-4356-88d1-6c918d3b44e8n@googlegroups.com>
In-Reply-To: <73c2358c-ef08-411f-94e7-0d55e14b29b7n-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>


Please keep in mind that when people are able to hack into your CI 
pipelines, they can still tamper anyway.

Maybe you can sign the PDF after generating it? Maybe take a look 
at https://pypi.org/project/endesive/

On Tuesday, 9 May 2023 at 23:08:19 UTC+2 Malcolm Nixon wrote:

> Yes, PDF/A (when combined with a digital signature such as PAdES) looks to 
> be ideal in creating long-term tamper-resistant artifacts such as release 
> notes or test reports in CI pipelines.
>
> I found the PDF/A documentation and tried giving it a shot; however it 
> looks like it only works with the ConTeXt engine, and the pandoc docker 
> images only come with LaTeX.
>
> I might have to take a diversion and look into docker ;)
>
> Many thanks,
>
>     - Malcolm
>
> On Tuesday, May 9, 2023 at 6:52:19 AM UTC-4 Stephan Meijer wrote:
>
>> With digitally signed, do you mean PDF/A?
>>
>> Pandoc has some info about it on their FAQ: 
>> https://pandoc.org/faqs.html#how-can-i-produce-pdfa-with-pandoc
>>
>> Hope I was of any help.
>>
>> Stephan
>>
>> On Tuesday, 2 May 2023 at 00:42:57 UTC+2 Malcolm Nixon wrote:
>>
>>> Greetings all,
>>>
>>> I'm looking to use Pandoc to generate digitally-signed PDFs from a CI 
>>> workflow - specifically the digital signature would be evidence that the 
>>> document hasn't been tampered with.
>>>
>>> While the underlying Miktek PDF generator has a "digsig" package, it 
>>> looks like Pandoc doesn't have any command-line options for triggering the 
>>> signing of the output.
>>>
>>> Am I missing something in the documentation (such as some means of 
>>> specifying custom miktek extensions)?
>>>
>>> Many thanks,
>>>  - Malcolm
>>>
>>
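
Added example, not part of the original message and not code from pandoc or endesive: once a PDF has been signed after generation, the consuming side can run a cheap structural check that a signature's /ByteRange covers the whole file, so bytes appended after signing are noticed. It uses only the Python standard library on a constructed sample, does not validate the cryptographic signature itself, and all function names are hypothetical.

```python
import re

# /ByteRange [off1 len1 off2 len2]: the two signed spans; the gap between
# them holds the hex-encoded /Contents signature value.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def signature_coverage(pdf: bytes) -> list:
    """Report, per /ByteRange found, whether it spans the file from 0 to EOF.

    Heuristic scan: it does not parse PDF objects, so a /ByteRange inside a
    stream or comment would also be reported.
    """
    results = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = (int(g) for g in m.groups())
        gap = pdf[off1 + len1:off2]
        results.append({
            "byte_range": (off1, len1, off2, len2),
            "starts_at_zero": off1 == 0,
            "gap_is_hex_string": gap.startswith(b"<") and gap.endswith(b">"),
            "covers_to_eof": off2 + len2 == len(pdf),
        })
    return results


def fully_covered(pdf: bytes) -> bool:
    """True if at least one signature covers every byte except its own value."""
    return any(r["starts_at_zero"] and r["gap_is_hex_string"] and r["covers_to_eof"]
               for r in signature_coverage(pdf))


def build_sample() -> bytes:
    """Constructed, minimal PDF-like bytes with a self-consistent /ByteRange."""
    head = b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 %010d %010d %010d] /Contents "
    sig = b"<" + b"00" * 16 + b">"          # placeholder signature value
    tail = b" >>\nendobj\n%%EOF\n"
    len1 = len(head % (0, 0, 0))            # fixed-width numbers keep this stable
    off2 = len1 + len(sig)
    return head % (len1, off2, len(tail)) + sig + tail


if __name__ == "__main__":
    signed = build_sample()
    appended = signed + b"2 0 obj\n<< /Extra true >>\nendobj\n%%EOF\n"
    print("as signed:        ", fully_covered(signed))
    print("after appending:  ", fully_covered(appended))
```

A file that passes this check still needs its signature and certificate chain validated with a real PDF signature verifier; a file that fails it was modified or extended after the signature was applied.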
