On Thursday 25 August 2005 16:17, George Williams wrote:
> There has been an argument running on the OpenType list about Digital
> signatures.

It's more of a deep discussion than an argument :-)

> I must confess I fail to understand the need for them on a linux/unix
> platform. Perhaps someone can illuminate me, or perhaps linux/unix is
> different enough from Windows/Mac that font validation isn't as
> important.
>
> As I understand it, the Digital signature says that someone (who has at
> one time been in some sense verified to exist) says the font is ok. But
> it does not say the font has been validated or anything useful, just
> that someone thought it was ok. (It doesn't even say that the someone
> wasn't a virus-writer ten years ago when the certificate was obtained
> who has since moved on from the original location)

All it says is that this font was signed by X, and since then it hasn't been tampered with.

> First of all that seems a very weak form of protection.

True. It's more about integrity than security.

> Am I missing something?

No... it just means that the font developer spent money and went through a lot of hassle to get a code signing certificate. It does NOT mean anything else at all.

It's NOT mandatory to sign fonts.

Greetings from Luxembourg,

-- 
David Somers
VoIP: FWD 622885
PGP Key = 7E613D4E
Fingerprint = 53A0 D84B 7F90 F227 2EAB 4FD7 6278 E2A8 7E61 3D4E
_______________________________________________
Freetype-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/freetype-devel
