On Sun, Nov 10, 2019 at 8:11 AM Jay Berkenbilt wrote: > I am the upstream author and the debian maintainer of qpdf.
Disclaimer: I'm not part of either of the teams you CCed. > Do you have an opinion about which way I should go? I would drop the native crypto code from qpdf. If the native crypto code has any advantages over the equivalent code in GnuTLS/OpenSSL or other crypto libraries, then contribute those improvements to the relevant projects so that everyone can benefit from them. I would suggest enhancing the qpdf UI to notify the user when a PDF file being viewed is encrypted insecurely. -- bye, pabs https://wiki.debian.org/PaulWise
