Re: IE4 font security flaw (fwd)

From: MegaZone <megazone@livingston.com>
Date: Fri, 24 Oct 1997 00:20:57 -0700 (PDT)
Message-Id: <199710240720.AAA15038@server.livingston.com>
To: www-font@w3.org

Once upon a time Daniel Will-Harris shaped the electrons to say...
>Perhaps with the OpenType Jamboree next week in Redmond there'll be some
>pressure to correct this quickly. With it public, they can't continue to
>ignore the problem until it's too late to correct it.

1. Yes they can, they're MS.  They're good at ignoring pressure.  There is
FAR more pressure on them to pull their head out of their nether orifice
on the Java issue and they haven't.  I doubt the average user cares at
all about this, many care about not being able to run valid Java applets
under IE.

2. I don't agree that they need to fix anything.  Now, my understanding is
that if the bit were set correctly on the font in the first place, IE is
no less secure than any other application using the same fonts.  The issue
is the fonts being downloadable as a distribution system and then being
hijacked and kept.  But if the font foundries had set the bit correctly
to start with it wouldn't be an issue.  It looks to me like the foundries
made the mistake, and now you're whining that MS needs to bail them out
by adding *another* level of control to supersede the one there now.

Personally I hope they don't, and foundries pay more attention to how
they set things in the first place.

Livingston Enterprises - Chair, Department of Interstitial Affairs
Phone: 800-458-9966 510-737-2100 FAX: 510-737-2110 megazone@livingston.com
For support requests: support@livingston.com  <http://www.livingston.com/> 
Snail mail: 4464 Willow Road, Pleasanton, CA 94588
Received on Friday, 24 October 1997 03:27:40 UTC