[Pkg-fonts-devel] license violations with embedded binary copies of GNU FreeFont?

Paul Wise pabs at debian.org
Thu Jun 9 10:32:19 UTC 2011

On Thu, Jun 9, 2011 at 5:43 PM, Nicolas Spalinger
<nicolas_spalinger at sil.org> wrote:

> Don't you mean "bundling" instead of "embedding" in this situation?
> (Embedding is inclusion of the font in a document or file in a way that
> makes extraction - and redistribution - difficult or clearly discouraged

Yeah, I guess I mean bundling. The terminology I use here is
code-related ie "embedded code copies". In the font world I guess the
equivalent is bundling.

> I didn't take time to look at it in details (sorry, spare time is still
> a very scarce resource) but I'm fairly sure there are still many fonts
> under *GPL* without their source requirements satisfied both upstream
> and downstream. It would be useful to point out the issues to the
> maintainers so the bugs can be fixed. Many thanks for your efforts on this !

Ok, thanks for the encouragement.

> Also many of these fonts are still missing the font exception as a
> okay-ish workaround to the embedding issues. (As you can expect I'm
> recommend advocating a license with explicit coverage of the embedding
> issues!) So I think another key issue for us is to flag in the Debian
> archive is PDFs which embed fonts in breach of the license, probably
> unwillingly but still problematic. Licenses that don't allow embedding
> and propagate the copyleft and source requirements to the resulting
> document without the user's consent unfortunately easily create breaches
> of the author's chosen licensing.

I would think that detecting non-free and other fonts embedded into
PDFs is quite hard to do, do you have some thoughts on that?

On that topic, I wonder if we need a lintian complaint for fonts in
main that have restrictive bits enabled; no embedding/modifying etc.

> To help with this I'm working on a simple adaptation of our review
> script to analyse all pdfs in the archive and produce a report about all
> the fonts used. Basically it's exposing the output of pdfinfo and
> pdffonts (from poppler-utils) from all the pdfs. This should help us as
> a team to fix the situation. (we can look at other types of documents
> later on).

Interesting, I would suggest exposing that as links and todo items on
the PTS so we can spread around the work of fixing this stuff.

> But I have trouble accessing our svn with the new Alioth setup. Can
> someone in the team be so kind and explain how they've switched their
> access configuration or point me to the right docs? Thanks in advance.

The SSH host keys have changed.

Login via password is no longer enabled, need SSH keys instead.


The web-based SVN viewers are at different URLs, as is anonymous access IIRC

There are some issues that remain unresolved for now:




More information about the Pkg-fonts-devel mailing list