- From: Chris Lilley <chris@w3.org>
- Date: Tue, 5 Jan 2016 18:27:43 +0200
- To: Behdad Esfahbod <behdad@google.com>, Roderick Sheeter <rsheeter@google.com>
- CC: Jonathan Kew <jfkthame@gmail.com>, WOFF Working Group <public-webfonts-wg@w3.org>, Khaled Hosny <khaledhosny@eglug.org>
Hello Behdad, Tuesday, January 5, 2016, 5:20:10 PM, you wrote: > It's a lot of work. Would require auditing all of the > GSUB/GDEF/GPOS code. It's not worth my time. If someone else wants > to do, they are welcome to. And most of the checks we are talking about are bogus. If the checks being made are spurious and error-prone, they should be removed from the code. Leaving them there (with a "security" label attached) risks that some developer re-enables them "to improve security" without realizing they do no such thing. -- Best regards, Chris Lilley Technical Director, W3C Interaction Domain
Received on Tuesday, 5 January 2016 16:27:55 UTC