Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

C2PA metadata handling #662

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Conversation

kornelski
Copy link
Contributor

@kornelski kornelski commented Dec 23, 2024

There's Adobe's initiative to embed "provenance" metadata in files along with a cryptographically signed history of file changes. The metadata is invalidated if the file is changed in any way without updating the signature. Only parties trusted by Adobe are allowed to sign files.

AFAIK an open-source program can't be given a private key to sign its changes, so oxipng's only choices are to either avoid changing the signed files at all, or strip the invalidated c2pa metadata when optimizing files.

I've made oxipng strip the c2pa metadata by default. If explicit --keep=caBX is used, then the file will be skipped with a warning "The image contains C2PA manifest that would be invalidated by any file changes".

Copy link
Collaborator

@AlexTMjugador AlexTMjugador left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you a bunch for the PR!

I do question how open a standard truly is if, in practice, implementers end up hardcoding yet another centralized trust list curated by Adobe, especially when considering that a explicit design goal of the C2PA spec is "Whole Workflow Applicability". To be fair, the C2PA Implementation Guide mentions DLTs and NFTs as solutions to that problem, but I don't see them being relevant in practical applications. That said, this definitely is a topic better suited for discussion elsewhere, not on a technically good PR review 😂

I also like how you refactored the main function to return an ExitCode instead of calling exit, which plays nicer with destructors.

I just have a small nitpick before we can merge this.

@@ -75,6 +75,8 @@ pub struct Chunk {
#[derive(Debug, PartialEq, Eq, Clone)]
pub enum StripChunks {
/// None
///
/// …except caBX chunk if it contains a C2PA.org signature.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you replace this Unicode ellipsis character with three separate ASCII dots? It may be uncommon these days, but I can foresee some reasonable font and editor combinations having trouble to display it correctly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants