On Tue, 8 Aug 2017, Garrett R. wrote: > http://font.ubuntu.com/ ... the domain not secured with https
Hello Garrett, thank you for suggestion to use HTTPS, which is now in the bug tracker for the Ubuntu Font Family Website: "font.ubuntu.com should use HTTPS" https://bugs.launchpad.net/ubuntu-font-family-website/+bug/1709397 Truetype/Opentype Fonts also have a signing facility inside the font itself---currently this is a block of nulls/zeros---but there are long-term plans to make a completely open replacement for Microsoft's own command-line signing tool. If anyone (including yourself) would like to help with the reverse-engineering, or a clean-room implementation of suitable signing + certificate code; then: https://github.com/sladen/fontsign is one of the places this is being explored at. This should ultimately benefit *all* free/libre fonts by opening up the possibility of allowing the signing block to be used as designed with only open tools. -Paul -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss