- From: Patrick Garies <pgaries@fastmail.us>
- Date: Sat, 12 Apr 2008 09:12:52 -0500
- To: "Paul Nelson (ATC)" <paulnel@winse.microsoft.com>, www-style@w3.org
Paul Nelson (ATC) wrote: > Permanently installing on a remote system is: 1. A security issue. I > could put a style sheet that would fill your device's hard drive so > you could not put anything else on the device. Sorry for the end > user. Any file format that’s cached can do this; for example, this could be done by including an overloaded style sheet document in a UA that doesn’t even support |@font-face|. Considering that this isn’t considered enough of an issue with existing formats to result in UA vendors disabling caching entirely and UAs can be (and are) used as a barrier to address this issue (i.e., cache size limits), I don’t see why this would be an issue at all. > 2. A licensing issue. A font may or may not be allowed to be > installed permanently. It all depends upon the EULA. The safest thing > for UAs to do is to temporarily install the font for use with the > page using a memory only install. As far as I can tell, this offers no benefit to anyone but copyright holders; it hinders the UA for no practical benefit for the user or site author. Since other formats receive no such protection, one wonders why you would except font file formats? Even this “protection” is largely useless, since I would expect users to be able to obtain the files by navigating to the file URI directly if they couldn’t get it out of their cache. Additionally, don’t HTTP and UAs already have mechanisms to disable caching if this is the author’s desire? — Patrick Garies
Received on Saturday, 12 April 2008 14:13:38 UTC