RE: non-normative best practices & file caching from Levantovsky, Vladimir on 2010-10-03 (public-webfonts-wg@w3.org from October 2010)

From: Levantovsky, Vladimir <Vladimir.Levantovsky@MonotypeImaging.com>
Date: Sat, 2 Oct 2010 20:37:31 -0400
To: David Singer <singer@apple.com>, John Hudson <tiro@tiro.com>
CC: Sergey Malkin <sergeym@microsoft.com>, Christopher Slye <cslye@adobe.com>, Håkon Wium Lie <howcome@opera.com>, "public-webfonts-wg@w3.org" <public-webfonts-wg@w3.org>
Message-ID: <7534F85A589E654EB1E44E5CFDC19E3D049DD31A88@wob-email-01.agfamonotype.org>

On Friday, October 01, 2010 6:59 PM David Singer wrote:
> 
> I think perhaps that the shoulds should be musts, or the language needs
> to talk about not making the font available outside its licensed use
> (if the client can tell it's freely distributable, then you can
> expose/install it if you like, but I don't know how it would tell)
> 

I agree. The note is intended to clarify the normative language of the preceding paragraph, and even though the nature of the note is informative, the use of plain English "must" or "must not" would be perfectly in line with the normative language of the spec.

Thank you,
Vlad


> On Oct 1, 2010, at 15:47 , John Hudson wrote:
> 
> > I suggest the following for the section 1 note text, incorporating
> Sergey's suggestion re. 'made available for use' and Håkon's reference
> to caching:
> > __
> > The WOFF format is intended for use with @font-face to provide
> downloadable fonts linked to specific web pages. It is therefore
> recommended that WOFF files should not be treated as an installable
> font format in desktop operating systems or similar environments. The
> WOFF-packaged data will typically be decoded to its original sfnt
> format for use by existing font-rendering APIs that expect OpenType
> font data, but such a decoded font should not be exposed as a file on
> disk, and while it is acceptable for clients to store decoded files in
> a cache, such files should not be installed or otherwise made available
> for use by other processes or documents on the system.
> > __
> >
> >
> > Sergey wrote:
> >
> > > ...this is one of things people did not like about raw
> > > fonts lying around on user's disks. With unpacked fonts
> > > cached, users will be able to grab naked OpenType font
> > > binary, stripped form WOFF metadata or private data.
> > > Some encryption/obfuscation may be welcome.
> >
> > It would certainly be welcome. I wonder if, presuming existing models
> for such encryption or obfuscation already exist for other cached data,
> we might recommend and reference one as part of the WOFF documentation?
> >
> >
> > JH
> >
> >
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
>

Received on Sunday, 3 October 2010 00:38:16 UTC