- From: Jonathan Kew <jfkthame@gmail.com>
- Date: Tue, 5 Jan 2016 16:43:12 +0000
- To: Chris Lilley <chris@w3.org>, Behdad Esfahbod <behdad@google.com>, Roderick Sheeter <rsheeter@google.com>
- Cc: WOFF Working Group <public-webfonts-wg@w3.org>, Khaled Hosny <khaledhosny@eglug.org>
On 5/1/16 16:27, Chris Lilley wrote:
> Hello Behdad,
>
> Tuesday, January 5, 2016, 5:20:10 PM, you wrote:
>> It's a lot of work. Would require auditing all of the
>> GSUB/GDEF/GPOS code. It's not worth my time. If someone else wants
>> to do, they are welcome to. And most of the checks we are talking about are bogus.
>
> If the checks being made are spurious and error-prone, they should be
> removed from the code.

Indeed; and if there are checks that are valid in principle but buggy in implementation, let's get them fixed in OTS.

Saying "this is unnecessary because harfbuzz is robust" is not a sufficient answer, because harfbuzz is not the only consumer of OpenType fonts, nor is it well suited to font developers wishing to validate the fonts they're producing.

It's great that harfbuzz aims to be robust in the face of bad font tables, but this does not make OTS validation worthless.

JK

>
> Leaving them there (with a "security" label attached) risks that some
> developer re-enables them "to improve security" without realizing they
> do no such thing.
>
> --
> Best regards,
> Chris Lilley
> Technical Director, W3C Interaction Domain
Received on Tuesday, 5 January 2016 16:43:44 UTC