- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Fri, 31 Jul 2009 15:20:21 -0500
- To: Sylvain Galineau <sylvaing@microsoft.com>
- Cc: "rfink@readableweb.com" <rfink@readableweb.com>, www-font <www-font@w3.org>
On Fri, Jul 31, 2009 at 3:11 PM, Sylvain Galineau<sylvaing@microsoft.com> wrote: >>From: Tab Atkins Jr. [mailto:jackalmage@gmail.com] > >>That is indeed what I had missed. I was still running under the >>assumption that the rootstring bytes could be present, but were merely >>classified as padding in EOTL. My question is invalid if even the EOT >>version of the header (where that 'padding' is meaningful data) can't >>contain rootstrings. >> >>Thanks, Sylvain. > > Yeah. I've stated about a dozen times the current proposal stores no rootstrings but > since Lord was of course the main recipient it was most likely - and wisely - > skipped as part of the persistent background noise :) Nah, I heard it, it was just misunderstood. Even in the earlier ideas which reused a version of EOT with rootstrings, an EOTL still officially has no rootstrings - it just has padding. I was interpreting you to basically be saying that, thus the mutual confusion when we talked past each other. > Vlad and Roc, however, have stated their preference for preserving the rootstring option > for IE use only e.g. to allow authors to comply with EULA same-origin mandates. As > I don't have EULAs to look at, and the very impractical nature of rootstrings was one > of the main arguments against the EOT restriction model, the feature is effectively gone > for the time being. Not just disabled or ignored but absent. Well, there's a big difference technically between a single same-origin rootstring that is used only to serve the file to legacy clients, and a permanent rootstring facility that must be employed to serve it to *all* clients. The first isn't as important if it fails. The mental difference between a temporary hack for down-level clients and an enshrined portion of a spec is even greater. > Of course, this means that IE<=8 may enable hotlinking if server-side measures similar > to those used for other resource types are not in place. I'm looking into what checks, > if any, were done for this version of the format... Yup, this is why being *capable* of embedding a rootstring for downlevel clients is useful - it's relatively easy to employ in a limited fashion for downlevel clients, it's just really annoying to have to deal with all across one's toolchain. Foundries that don't place that kind of responsibility on the client can ignore it entirely, and once IE<=8 share drops enough it won't be worth worrying about (any more than the fact that wget, etc. can simply ignore same-origin restrictions if they choose). ~TJ
Received on Friday, 31 July 2009 20:21:20 UTC