Packaged fonts? (and regular audits?)

Stefan Nuxoll stefan at
Tue Jul 14 14:35:44 UTC 2015

I do not see a maintainability benefit here, we aren't packaging the 
bootstrap CSS framework, are we? This font in the case of this one 
package is used in the HTML documentation for the package. The majority 
use case for this font is to be paired with bootstrap, to be rendered by
 a web browser, you are going to encounter it dozens of times a week on 
various websites already. Since this font is likely to be used by web 
applications as a TTF/OTF/WOFF web-font how are we going to handle the 
selinux context to allow the httpd access to the font file, or any other
 application server that runs an application packaged in the collection?

Stefan Nuxoll <stefan at<mailto:stefan at>>

> To: devel at
> From: ppisar at
> Subject: Re: Packaged fonts? (and regular audits?)
> Date: Tue, 14 Jul 2015 07:07:15 +0000
> On 2015-07-14, Stefan Nuxoll <stefan at> wrote:
>> This is going to be pretty common for anything that uses the bootstrap
>> CSS framework, since glyphicons is bundled as part of it. I do not see
>> much benefit from packaging this separately, especially as the license
>> for the glyphicons halflings font included with bootstrap is MIT, but
>> CC-BY from the upstream (
> This is not matter of license. This matter of mainainability and
> security. Did you know that T42 fonts can contain code which is interpreted
> by font rendering engine?
> -- Petr
> --
> devel mailing list
> devel at
> Fedora Code of Conduct:

More information about the devel mailing list