[ft-devel] Digital signatures

[George Williams]

There has been an argument running on the OpenType list about Digital
signatures.

I must confess I fail to understand the need for them on a linux/unix
platform. Perhaps someone can illuminate me, or perhaps linux/unix is
different enough from Windows/Mac that font validation isn't as
important.

As I understand it, the Digital signature says that someone (who has at
one time been in some sense verified to exist) says the font is ok. But
it does not say the font has been validated or anything useful, just
that someone thought it was ok. (It doesn't even say that the someone
wasn't a virus-writer ten years ago when the certificate was obtained
who has since moved on from the original location)

First of all that seems a very weak form of protection.

Secondly I don't really understand what damage a font can do to my
system. The worst I can think of is
        a) crash the X server
        b) send pango into an infinite loop.
To me neither of these seems all that worrying.

I don't see how a bad font can have any real effect on the integrity of
my system.

Perhaps this is more of an issue on a system like the Mac where the
system can't come up in a non-windowing mode. So if the font used for
the menu is corrupt you are screwed.

Am I missing something?