Packaged fonts? (and regular audits?)
Stefan Nuxoll
stefan at nuxoll.eu.org
Tue Jul 14 14:35:44 UTC 2015
I do not see a maintainability benefit here, we aren't packaging the
bootstrap CSS framework, are we? This font in the case of this one
package is used in the HTML documentation for the package. The majority
use case for this font is to be paired with bootstrap, to be rendered by
a web browser, you are going to encounter it dozens of times a week on
various websites already. Since this font is likely to be used by web
applications as a TTF/OTF/WOFF web-font how are we going to handle the
selinux context to allow the httpd access to the font file, or any other
application server that runs an application packaged in the collection?
Stefan Nuxoll <stefan at nuxoll.eu.org<mailto:stefan at nuxoll.eu.org>>
----------------------------------------
> To: devel at lists.fedoraproject.org
> From: ppisar at redhat.com
> Subject: Re: Packaged fonts? (and regular audits?)
> Date: Tue, 14 Jul 2015 07:07:15 +0000
>
> On 2015-07-14, Stefan Nuxoll <stefan at nuxoll.eu.org> wrote:
>> This is going to be pretty common for anything that uses the bootstrap
>> CSS framework, since glyphicons is bundled as part of it. I do not see
>> much benefit from packaging this separately, especially as the license
>> for the glyphicons halflings font included with bootstrap is MIT, but
>> CC-BY from the upstream (glyphicons.org).
>>
> This is not matter of license. This matter of mainainability and
> security. Did you know that T42 fonts can contain code which is interpreted
> by font rendering engine?
>
> -- Petr
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
More information about the devel
mailing list