[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ft-devel] DSIG - Re: Freetype-devel Digest, Vol 130, Issue 8

From: Behdad Esfahbod
Subject: Re: [ft-devel] DSIG - Re: Freetype-devel Digest, Vol 130, Issue 8
Date: Mon, 9 Nov 2015 15:14:52 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 15-11-09 02:42 PM, Hin-Tak Leung wrote:
> ------------------------------
> On Mon, Nov 9, 2015 8:44 AM GMT Behdad Esfahbod wrote:
>> On 15-11-05 11:29 AM, Hin-Tak Leung wrote:
>>> Also, rather strangely Si Daniels of Microsoft doesn't know that
>>> microsoft's font signing tool package also ships a signature checking tool.
>> That wasn't Si's point.  It was that no piece of rendering software enforces
>> the signatures, ie. reject a font with a bad signature.  Ie. the DSIG table 
>> is
>> unused for all practical purposes.
> okay. That's correct - am rather surprised to find recently that one cannot 
> even
> *view* the DSIG status of a font easily *on windows*; whereas I believe it is
> easy/possible for executables. The DSIG status is simply not visible.
> But I think signing is a good thing - not from the security point of view, 
> but of
> making font designers (or rather, font modifiers) less callous about doing 
> ad hoc modification of fonts. I think requiring signing - or even just 
> *showing*
> the DSIG status - of fonts would improve the general quality of them.

There's water under that bridge already.  Neither WOFF nor WOFF2 maintain the
exact byte sequence in a font.

There's nothing wrong with modifying fonts to suite one's purpose better.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]