[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ft-devel] DSIG - Re: Freetype-devel Digest, Vol 130, Issue 8

From: Hin-Tak Leung
Subject: Re: [ft-devel] DSIG - Re: Freetype-devel Digest, Vol 130, Issue 8
Date: Tue, 10 Nov 2015 00:00:59 +0000

On Mon, Nov 9, 2015 11:14 PM GMT Behdad Esfahbod wrote:

>On 15-11-09 02:42 PM, Hin-Tak Leung wrote:
>> ------------------------------
>> On Mon, Nov 9, 2015 8:44 AM GMT Behdad Esfahbod wrote:
>> On 15-11-05 11:29 AM, Hin-Tak Leung wrote:
>>> Also, rather strangely Si Daniels of Microsoft doesn't know that
>>> microsoft's font signing tool package also ships a signature checking tool.
>> That wasn't Si's point.  It was that no piece of rendering software enforces
>> the signatures, ie. reject a font with a bad signature.  Ie. the DSIG table 
>> is
>> unused for all practical purposes.
>> okay. That's correct - am rather surprised to find recently that one cannot 
>> even
>> *view* the DSIG status of a font easily *on windows*; whereas I believe it is
>> easy/possible for executables. The DSIG status is simply not visible.
>> But I think signing is a good thing - not from the security point of view, 
>> but of
>> making font designers (or rather, font modifiers) less callous about doing 
>> ad hoc modification of fonts. I think requiring signing - or even just 
>> *showing*
>> the DSIG status - of fonts would improve the general quality of them.
>There's water under that bridge already.  Neither WOFF nor WOFF2 maintain the
>exact byte sequence in a font.

Integrity checks clearly don't apply in situations involving embedding and 
subsetting, as WOFF is, so that's all orthorgonal...

>There's nothing wrong with modifying fonts to suite one's purpose better.

no, but there is a problem of redistributing such outcome.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]