[prev in list] [next in list] [prev in thread] [next in thread]
List: ubuntu-devel-discuss
Subject: Re: Can a signed hash be added to font.ubuntu.com?
From: Paul Sladen <ubuntu () paul ! sladen ! org>
Date: 2017-08-08 16:57:38
Message-ID: Pine.LNX.4.21.1708081741460.3746-100000 () starsky ! 19inch ! net
[Download RAW message or body]
On Tue, 8 Aug 2017, Garrett R. wrote:
> http://font.ubuntu.com/ ... the domain not secured with https
Hello Garrett, thank you for suggestion to use HTTPS, which is now in
the bug tracker for the Ubuntu Font Family Website:
"font.ubuntu.com should use HTTPS"
https://bugs.launchpad.net/ubuntu-font-family-website/+bug/1709397
Truetype/Opentype Fonts also have a signing facility inside the font
itself---currently this is a block of nulls/zeros---but there are
long-term plans to make a completely open replacement for Microsoft's
own command-line signing tool.
If anyone (including yourself) would like to help with the
reverse-engineering, or a clean-room implementation of suitable
signing + certificate code; then:
https://github.com/sladen/fontsign
is one of the places this is being explored at. This should
ultimately benefit *all* free/libre fonts by opening up the
possibility of allowing the signing block to be used as designed with
only open tools.
-Paul
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic