informalsystems / themis-contract

A command line-based parameterized contracting tool
Apache License 2.0

compile will sign if the signature files are present in the directory #114

Open zramsay opened 3 years ago

zramsay commented 3 years ago

IMO this shouldn't be the default behaviour. It's neat that themis-contract sign brings in a copy of the signature into the pwd but it seems both redundant and detrimental. Does it really need it to be there in order to render the PDF? Then all these signature images get committed (although they don't really need to?). Not sure if that's ideal from a general opsec point of view. The other issue that I've just run into is when updating / making a new contract from an existing one. Since those signature images are in that directory, running themis-contract compile ends up signing the PDF contract. My current workaround is to delete the counterparty's signature and have them sign+compile+commit+push the final PDF.

shonfeder commented 3 years ago

> It's neat that themis-contract sign brings in a copy of the signature into the pwd but it seems both redundant and detrimental. Does it really need it to be there in order to render the PDF? Then all these signature images get committed (although they don't really need to?).

If you don't add the signature files, then how could I compile a contract on my machine that you had signed on yours? Where would I get the signature image from?

shonfeder commented 3 years ago

When you say "compile will sign" do you just mean it includes the signature in the generated PDF?