Can a signed hash be added to font.ubuntu.com?
Paul Sladen
ubuntu at paul.sladen.org
Tue Aug 8 16:57:38 UTC 2017
On Tue, 8 Aug 2017, Garrett R. wrote:
> http://font.ubuntu.com/ ... the domain not secured with https
Hello Garrett, thank you for suggestion to use HTTPS, which is now in
the bug tracker for the Ubuntu Font Family Website:
"font.ubuntu.com should use HTTPS"
https://bugs.launchpad.net/ubuntu-font-family-website/+bug/1709397
Truetype/Opentype Fonts also have a signing facility inside the font
itself---currently this is a block of nulls/zeros---but there are
long-term plans to make a completely open replacement for Microsoft's
own command-line signing tool.
If anyone (including yourself) would like to help with the
reverse-engineering, or a clean-room implementation of suitable
signing + certificate code; then:
https://github.com/sladen/fontsign
is one of the places this is being explored at. This should
ultimately benefit *all* free/libre fonts by opening up the
possibility of allowing the signing block to be used as designed with
only open tools.
-Paul
More information about the Ubuntu-devel-discuss
mailing list