Re: [css3-webfonts] Downloaded fonts should not...

Paul Nelson (ATC) wrote:
>  Permanently installing on a remote system is: 1. A security issue. I
>  could put a style sheet that would fill your device's hard drive so
>  you could not put anything else on the device. Sorry for the end
>  user.

Any file format that’s cached can do this; for example, this could be 
done by including an overloaded style sheet document in a UA that 
doesn’t even support |@font-face|. Considering that this isn’t 
considered enough of an issue with existing formats to result in UA 
vendors disabling caching entirely and UAs can be (and are) used as a 
barrier to address this issue (i.e., cache size limits), I don’t see why 
this would be an issue at all.

>  2. A licensing issue. A font may or may not be allowed to be
>  installed permanently. It all depends upon the EULA. The safest thing
>  for UAs to do is to temporarily install the font for use with the
>  page using a memory only install.

As far as I can tell, this offers no benefit to anyone but copyright 
holders; it hinders the UA for no practical benefit for the user or site 
author.

Since other formats receive no such protection, one wonders why you 
would except font file formats? Even this “protection” is largely 
useless, since I would expect users to be able to obtain the files by 
navigating to the file URI directly if they couldn’t get it out of their 
cache. Additionally, don’t HTTP and UAs already have mechanisms to 
disable caching if this is the author’s desire?

— Patrick Garies

Received on Saturday, 12 April 2008 14:13:38 UTC