[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ft-devel] DSIG - Re: Freetype-devel Digest, Vol 130, Issue 8
From: |
Behdad Esfahbod |
Subject: |
Re: [ft-devel] DSIG - Re: Freetype-devel Digest, Vol 130, Issue 8 |
Date: |
Mon, 9 Nov 2015 15:14:52 -0800 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
On 15-11-09 02:42 PM, Hin-Tak Leung wrote:
> ------------------------------
> On Mon, Nov 9, 2015 8:44 AM GMT Behdad Esfahbod wrote:
>
>> On 15-11-05 11:29 AM, Hin-Tak Leung wrote:
>>> Also, rather strangely Si Daniels of Microsoft doesn't know that
>>> microsoft's font signing tool package also ships a signature checking tool.
>>
>> That wasn't Si's point. It was that no piece of rendering software enforces
>> the signatures, ie. reject a font with a bad signature. Ie. the DSIG table
>> is
>> unused for all practical purposes.
>
> okay. That's correct - am rather surprised to find recently that one cannot
> even
> *view* the DSIG status of a font easily *on windows*; whereas I believe it is
> easy/possible for executables. The DSIG status is simply not visible.
>
> But I think signing is a good thing - not from the security point of view,
> but of
> making font designers (or rather, font modifiers) less callous about doing
> ad hoc modification of fonts. I think requiring signing - or even just
> *showing*
> the DSIG status - of fonts would improve the general quality of them.
There's water under that bridge already. Neither WOFF nor WOFF2 maintain the
exact byte sequence in a font.
There's nothing wrong with modifying fonts to suite one's purpose better.
b