On Tue, 8 Aug 2017, Garrett R. wrote:
> http://font.ubuntu.com/ ... the domain not secured with https
Hello Garrett, thank you for suggestion to use HTTPS, which is now in
the bug tracker for the Ubuntu Font Family Website:
"font.ubuntu.com should use HTTPS"
Truetype/Opentype Fonts also have a signing facility inside the font
itself---currently this is a block of nulls/zeros---but there are
long-term plans to make a completely open replacement for Microsoft's
own command-line signing tool.
If anyone (including yourself) would like to help with the
reverse-engineering, or a clean-room implementation of suitable
signing + certificate code; then:
is one of the places this is being explored at. This should
ultimately benefit *all* free/libre fonts by opening up the
possibility of allowing the signing block to be used as designed with
only open tools.
Ubuntu-devel-discuss mailing list
Modify settings or unsubscribe at: