[Pkg-fonts-devel] Greetings
Paul Wise
pabs at debian.org
Fri Mar 31 00:50:30 UTC 2017
On Fri, Mar 31, 2017 at 4:02 AM, Bobby de Vos wrote:
> I am a member of the Non-Roman Script Initiative (NRSI -
> http://scripts.sil.org) at SIL International (http://www.sil.org/). Many of
> the fonts that NRSI produces are already packaged and included in Debian. I
> have been invited by Daniel Glassey to be part of the Debian pkg-fonts team
> and update the fonts and the packaging for NRSI fonts.
Welcome to the team :)
> I recently made a new font package for a new NRSI font, LateefGR, you can
> see my work on my personal GitHub account at
>
> https://github.com/devosb/fonts-sil-lateefgr
I note that this font uses a build system that does not appear to be
available in Debian yet, is SIL NRSI planning on packaging it for
Debian? Debian likes to build fonts from source available in Debian
using FLOSS tools packaged for Debian.
https://github.com/silnrsi/smith
I also note that the repository for the font contains generated files,
including binary TTF/WOFF files. Usually git repositories contain zero
generated files, the generated files are listed in .gitignore and
always built from source and then placed into binary packages (zip
files for fonts). I would encourage SIL to adopt this model.
In addition, it would be great if there were electronic signatures
(OpenPGP/etc) of all git commits and tags and any zip files or
tarballs you release, so that Debian can verify the source code came
from SIL and wasn't modified by github or network attackers.
https://mikegerwitz.com/papers/git-horror-story
https://github.com/blog/2144-gpg-signature-verification
https://wiki.debian.org/Creating%20signed%20GitHub%20releases
https://wiki.debian.org/debian/watch#Cryptographic_signature_verification
--
bye,
pabs
https://wiki.debian.org/PaulWise
More information about the Pkg-fonts-devel
mailing list