[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ft-devel] Digital signatures
|
From: |
Antoine Leca |
|
Subject: |
Re: [ft-devel] Digital signatures |
|
Date: |
Fri, 26 Aug 2005 09:42:48 +0200 |
On Thursday, August 25th, 2005 14:17Z George Williams wrote:
> First of all that seems a very weak form of protection.
I believe it is more social than technically effective.
> Secondly I don't really understand what damage a font can do to my
> system. The worst I can think of is
> a) crash the X server
> b) send pango into an infinite loop.
> To me neither of these seems all that worrying.
Because you are using a workstation. Think about it if you are running a
server instead (or an embeeded device). Then you do worry about about
crashing or sending a thread into infinite loop.
DSIG is a MS thing, and they have (thanks to the monolithic architecture
which integrates the GUI with the kernel, while targetting both workstations
and servers) to think about these issues.
> I don't see how a bad font can have any real effect on the integrity
> of my system.
Right now, neither am I. However it seems that in security, paranoia is a
needed skill.
Antoine