On Tue, 8 Aug 2017, Garrett R. wrote:
> http://font.ubuntu.com/ ... the domain not secured with https

Hello Garrett, thank you for suggestion to use HTTPS, which is now in
the bug tracker for the Ubuntu Font Family Website:

  "font.ubuntu.com should use HTTPS"

Truetype/Opentype Fonts also have a signing facility inside the font
itself---currently this is a block of nulls/zeros---but there are
long-term plans to make a completely open replacement for Microsoft's
own command-line signing tool.

If anyone (including yourself) would like to help with the
reverse-engineering, or a clean-room implementation of suitable
signing + certificate code; then:


is one of the places this is being explored at.  This should
ultimately benefit *all* free/libre fonts by opening up the
possibility of allowing the signing block to be used as designed with
only open tools.


Ubuntu-devel-discuss mailing list
Modify settings or unsubscribe at: 

Reply via email to