[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ft-devel] DSIG - Re: Freetype-devel Digest, Vol 130, Issue 8
|
From: |
Hin-Tak Leung |
|
Subject: |
Re: [ft-devel] DSIG - Re: Freetype-devel Digest, Vol 130, Issue 8 |
|
Date: |
Tue, 10 Nov 2015 00:00:59 +0000 |
------------------------------
On Mon, Nov 9, 2015 11:14 PM GMT Behdad Esfahbod wrote:
>On 15-11-09 02:42 PM, Hin-Tak Leung wrote:
>> ------------------------------
>> On Mon, Nov 9, 2015 8:44 AM GMT Behdad Esfahbod wrote:
>>
>> On 15-11-05 11:29 AM, Hin-Tak Leung wrote:
>>> Also, rather strangely Si Daniels of Microsoft doesn't know that
>>> microsoft's font signing tool package also ships a signature checking tool.
>>
>> That wasn't Si's point. It was that no piece of rendering software enforces
>> the signatures, ie. reject a font with a bad signature. Ie. the DSIG table
>> is
>> unused for all practical purposes.
>>
>> okay. That's correct - am rather surprised to find recently that one cannot
>> even
>> *view* the DSIG status of a font easily *on windows*; whereas I believe it is
>> easy/possible for executables. The DSIG status is simply not visible.
>>
>> But I think signing is a good thing - not from the security point of view,
>> but of
>> making font designers (or rather, font modifiers) less callous about doing
>> ad hoc modification of fonts. I think requiring signing - or even just
>> *showing*
>> the DSIG status - of fonts would improve the general quality of them.
>
>There's water under that bridge already. Neither WOFF nor WOFF2 maintain the
>exact byte sequence in a font.
>
Integrity checks clearly don't apply in situations involving embedding and
subsetting, as WOFF is, so that's all orthorgonal...
>There's nothing wrong with modifying fonts to suite one's purpose better.
>
>b
no, but there is a problem of redistributing such outcome.