Can a signed hash be added to

Paul Sladen ubuntu at
Tue Aug 8 16:57:38 UTC 2017

On Tue, 8 Aug 2017, Garrett R. wrote:
> ... the domain not secured with https

Hello Garrett, thank you for suggestion to use HTTPS, which is now in
the bug tracker for the Ubuntu Font Family Website:

  " should use HTTPS"

Truetype/Opentype Fonts also have a signing facility inside the font
itself---currently this is a block of nulls/zeros---but there are
long-term plans to make a completely open replacement for Microsoft's
own command-line signing tool.

If anyone (including yourself) would like to help with the
reverse-engineering, or a clean-room implementation of suitable
signing + certificate code; then:

is one of the places this is being explored at.  This should
ultimately benefit *all* free/libre fonts by opening up the
possibility of allowing the signing block to be used as designed with
only open tools.


More information about the Ubuntu-devel-discuss mailing list