W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

RE: The unmentionable

From: Thomas Lord <lord@emf.net>
Date: Wed, 29 Jul 2009 13:18:33 -0700
To: Sylvain Galineau <sylvaing@microsoft.com>
Cc: John Hudson <tiro@tiro.com>, "www-font@w3.org" <www-font@w3.org>
Message-Id: <1248898713.5922.99.camel@dell-desktop.example.com>
On Wed, 2009-07-29 at 20:04 +0000, Sylvain Galineau wrote:
> >From: Thomas Lord [mailto:lord@emf.net]
> >Sent: Wednesday, July 29, 2009 11:46 AM

> >What I said was simply that the Rationale for
> >CORS for linked fonts in a Recommendation must
> >almost certainly NOT mention "IP protection".

> Yeah, I got that. But I don't know what that recommendation
> will be, I don't know whether it will address hot-linking, CORS
> or same-origin policy, and I don't know how e.g. whether those
> things will be optional or mandatory so I'm not in a solid position
> to worry about it intelligently today. I'm limited that way. Sorry.

I see.  Well, people are discussing whether or not
CORS should be in there, including you.  And whether
or not it should be "optional or mandatory".

It's easy to get tangled up in that kind of discussion
by talking only about various subjective viewpoints of what
is desirable or not desirable.

One way to untangle is to concentrate on what a Recommendation
might say, and why, and on why such a Recommendation should
be Approved.

"What would you like to buy at the store?"
"A pony!"
"Well, we are only going to the *grocery* store."
"Oh! An apple!"

> So far, we know that font license language may recommend the mitigation of a certain use-case
> (hot-linking),

If that is all that we knew then we wouldn't be
talking about same-origin or CORS.

>  and that this specific solution is one of the options a particular font
> vendor suggests as a way to address said use-case. That's it. I have not yet seen an
> explicit or implicit statement demanding that this be specifically standardized
> in a web font file format spec or else no fonts will be licensed. Or that this must
> be the solution at the exclusion of any others. (I may have missed it though).

Here is an example of the kind of misleading statement 
going around:

>>(e) There may be objections that using same-origin and/or CORS as a
>>lightweight form of license restriction is anathema to the web as a
>>whole, and hence browser implementors might be very loathe to
>>implement something like this for fear of setting bad precedents.

> Firefox already does this.

Firefox does not "[use] same-origin [or] CORS as
a lightweight form of license restriction."

It is helpful that people understand why that
is the case.

> >I also said that if no other Rationale were offered,
> >there would be objections to CORS (that would
> >likely prevail, in my opinion).
> >Finally, I offered two such Rationale and commented
> >on their relative strengths.
> >
> >I see no reason for you to denigrate that contribution
> >as a mere "debate [about] the philosophical suitability
> >of CORS".
> You're the one calling it denigration and adding 'mere' in front
> of it. I am pointing out this exact solution has already shipped.

You made a very misleading statement.

> I think that's significant. If you don't, that's fine.

Your account of things was misleading.

Received on Wednesday, 29 July 2009 20:33:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:37:33 UTC