W3C home > Mailing lists > Public > www-font@w3.org > October to December 1997

Re: IE4 font security flaw (fwd)

From: Jelle Bosma <jelleb@euronet.nl>
Date: Fri, 24 Oct 97 12:50:12 +0100
Message-Id: <199710241050.MAA11202@mail.euronet.nl>
To: <www-font@w3.org>
>From:        MegaZone, megazone@livingston.com

>BFD, they should have gotten it right to start with.  MS screws up, but
>not this time.  Whining about IE is a cowardly, braindead move.  Suck it
>up, admit the foundaries screwed the pooch, and get it right from now on.

>2. I don't agree that they need to fix anything.  Now, my understanding is
>that if the bit were set correctly on the font in the first place, IE is
>no less secure than any other application using the same fonts.  The issue
>is the fonts being downloadable as a distribution system and then being
>hijacked and kept.  But if the font foundaries had set the bit correctly
>to start with it wouldn't be an issue.  It looks to me like the foundaries
>made the mistake, and now you're whining that MS needs to bail them out
>but adding *another* level of control to supercede the one there now.

If font foundries have set the embedding bits to view/print only
the they have the right to expect that the font is treated differently
then wen the bits are set to installable embedding! If IE treates
view/print embedded fonts which such sloppyness that they can easily
be kept and used then the foundries have all the right to whine:

They have set the bits correctly!

Jelle Bosma
Monotype Typography Ltd.
Received on Friday, 24 October 1997 06:50:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:01:38 UTC