The European Union's interoperability page reports:
In just three days, the Swiss open source community Wilhelm Tux reached its crowdfunding target of 10,000 CHF (about 8000 euro) to add support for digital signatures in PDF documents. The feature will be added to LibreOffice, a free and open source suite of office productivity tools. The project is awarded to Collabora, an open source IT service provider, which will deliver the new functionality in April.
The Swiss open source group began raising funds on 13 October. The campaign will allow users of LibreOffice to create PDF documents with digital signatures, conform to PDF/A signature standards. This is a requirement to creating PDF documents that can be legally binding.
Electronically signed PDFs can be legally binding when the signature is accompanied by a timestamp, explains Markus Wernig, the group's chairman. The open source group hopes to be able to fund this as well, if further donations come in.
The idea for the crowdfunding campaign was conceived at the LibreOffice Conference, which took place in Bern in early September. The open source group writes that a discussion on the feature attracted a lot of interest at the conference. "Digital signatures are important for being able to verify the authenticity of a document."
[...]The past few years, Swiss, German, and French public administrations have paid for comparable software development projects to improve open source office productivity.
Have any Soylentils been involved in FOSS development work where there was a bounty?
Related Stories
A little less than a year ago HackADay featured the start of a world-wide collaboration around an open source offline password keeper, the Mooltipass. The device enumerates as a keyboard and uses a PIN-locked smartcard to read an AES-256 key required to decrypt its credentials database. All password accessing operations need to be approved on its physical user interface to prevent impersonation.
As its beta testing phase is over, the Mooltipass crowdfunding campaign is now live and already achieved 44% of its $100k goal in less than four days.
(Score: 2) by AnonTechie on Monday October 27 2014, @07:56PM
Could this model significantly enhance the use of FOSS products ? and encourage developers ?
Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
(Score: 1) by Bill Dimm on Monday October 27 2014, @08:14PM
The model isn't really new. Bountysource.com [bountysource.com] has been allowing people to pledge money for bug fixes and feature additions for open source for a long time.
(Score: 0) by Anonymous Coward on Monday October 27 2014, @08:08PM
Here's a few opportunities https://www.fsf.org/resources/jobs [fsf.org]
Congrats Switzerland and LibreOffice!
(Score: 2) by FatPhil on Monday October 27 2014, @10:09PM
It is possible to sign arbitrary streams of octets, including with timestamps. That's how I submit my company accounts to the government every year. That's how the border police sent me a letter apologising for being incorrectly not allowed to travel across the border. (And IIRC, that was even a PDF file.) That's how signing protocols have been designed since the beginning of time. Crack open AC2 and look at the protocol definitions - at no point will the file format of a payload be mentioned - it is always just a sequence of octets. Signing sequences of octets is a solved problem. (Even sequences of bits too, of course.)
So why was a special feature needed for this not-particularly-portable document format? It'll probably need to be redone when the next incompatible version of the "standard" comes out, which is probably going to be in about April if I know how cynical Adobe are.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by frojack on Monday October 27 2014, @10:47PM
After citing two obvious examples of doing the exact same thing, you ask why it has to be done.
How could your prove the boarder police actually sent you that signed PDF. If you take it in to court, will the judge look at your printout of the PDF and decide it was valid? Will he ask for a copy of the PDF to see if it contained an electronic signature?
Signing a bunch of octets in a way that the is managed and portable and embedded in that series of octets and the tools that create that series is better than everyone on their own appending a their signature to a series of octets in their own preferred way, and telling everybody else, there it is, now its your problem to figure it out.
Or, were you merely being pedantic?
No, you are mistaken. I've always had this sig.
(Score: 2) by FatPhil on Monday October 27 2014, @11:25PM
That is a solved problem. There is no need to do any more programming to sign arbitrary octet streams. No money needs to be collected. Collabora do not need to get out of bed.
Any solution to the problem that does not sign arbitrary octet streams is insufficiently advanced compared to what is already out there, and has been available for the best part of 2 decades. It would effectively be creating a whitelist of things that can be signed, and starting that list with "PDFs". What's the point in that? How is that progress at all, it sounds like the exact opposite? It's not "managed and portable", it's "managed for PDFs and appropriate for PDFs", which is completely useless for *every other file type in the universe*.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by frojack on Tuesday October 28 2014, @12:32AM
It's not "managed and portable", it's "managed for PDFs and appropriate for PDFs", which is completely useless for *every other file type in the universe*.
How is that progress? Surely you are being intentionally daft.
Its progress, because people communicate with documents. And documents bear signatures. As we move from paper to digital form the communication happens faster with less damage to trees, but the tools we use provide scant capability to bear a signature that could not be easily faked.
This changes that. And the signature is is readable by other standard software.
That the key tools used for this purpose lacked the ability to sign a digital document in a standardized way, meant that many things that could have been digital were being rendered to paper so they could bear a signature.
You can't pay you taxes or create a legal document with a song, or a dll, or a file full of giberish. Signed or unsigned.
But you can create legal documents with digitally signatures in Many Countries [wikipedia.org].
Why? Because the standard has been agreed to almost the world over in ISO 32000-1:2008. The PDF specification [wikipedia.org] is an Open International standard which includes a signature capability. The capability to use this standard signature was lacking in one of the KEY tools used for creating such documents.
This adds that capability to a common document creation tool. Where's the problem with that?
And yet, you bitch, because a tool was improved to support an international standard, and apparently you bitch because the improvement of the tool did not include the ability to sign some random block of storage your computer is capable of generating, or that you possess a different signing method that nobody in the world except YOU use, and for which three is no international standard agreeing on how, or where the signature should be applied to the file.
Come on, for pete sake! What is your problem with this? You haven't proposed a single rational argument against it.
No, you are mistaken. I've always had this sig.
(Score: 2) by FatPhil on Tuesday October 28 2014, @03:25PM
And I don't confuse ISO for anything apart from a corrupt bogy that can be bought by proven anti-competative companies.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by frojack on Tuesday October 28 2014, @06:26PM
So you're walking away from your protest and accusing ME of not understanding the issue?
Ok, Got it.
No, you are mistaken. I've always had this sig.
(Score: 2) by FatPhil on Tuesday October 28 2014, @07:55PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2, Informative) by tftp on Tuesday October 28 2014, @01:10AM
I believe that works just great for a geek who has no issues with reading raw XML and being able to write a parser that checks the signature on part 2 using part 1 and a public key that it instantly wgets from somewhere.
However most people in this world are not educated in cryptography; they need a simple, trusted, visual representation of the signature, with all the relevant data in it. If that signature ever becomes questionable, other people can be brought in to inspect the document piece by piece. Normal people who work with documents (such as managers and secretaries) need the crutches of GUI - and the help of GUI as well, as it simplifies verification of signatures and allows to easily print a signed document, with the signature visible as part of it. Perhaps that's not bulletproof, but it's infinitely better than a low-res fax that has someone's signature all within 16 black-and-white pixels.
(Score: 0) by Anonymous Coward on Monday October 27 2014, @10:42PM
My attempt. [soylentnews.org]
The missing link:
The European Union's interoperability page reports [europa.eu]
-- gewg_
(Score: 0) by Anonymous Coward on Tuesday October 28 2014, @01:39AM
Independent FOSS support companies can contribute code back to upstream projects based on work funded by a user of that software. A recent example of this is the new block range index that was added to PostgreSQL 9.5 by 2ndQuadrant on behalf of a customer. The PostgreSQL project limits representation of a company or group so that patches are merged based on technical merit and community support. This prevents any single customer from dictating the direction of the product for all of its users, so you do not get into situations like the recent Debian technical steering committee coup d'éta for systemd.