[Pkg-fonts-devel] Bug#665334: non-DFSG postscript embedded in fontforge

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 23 06:11:39 UTC 2012

Package: fontforge
Severity: serious

On 03/03/2012 07:48 AM, Nicholas Bamber wrote:
> We have a package libimager-perl where we have had to remove a few
> adobe-related test files as being non-DFSG. See
> http://cpansearch.perl.org/src/TONYC/Imager-0.88/adobe.txt .
> However given a comment in the latest version's changelog:
> " - note that the generator of the apparently non-DFSG-free postscript
> in MMOne.pfb is a Debian package."
> by which he means fontforge. I intend to email to the author and assure
> him that this is a purely precautionary measure on our part and that the
> functionality of the package is not inhibited.
> However since fontforge has been roped into the issue I wonder what you
> guys think.

Hi Nicholas--

Thank you for raising this issue.  I just did a bit of research to try 
to figure out what this is about.

In fontforge, it appears that this code is embedded in 

The originals of several of these functions seem to appear (with 
non-DFSG-free licensing) in the appendices of

In particular, the licensing says:

>>> This code, as well as the code in the following appendices, is copyrighted by
>>> Adobe Systems Incorporated, and may not be reproduced except by
>>> permission of Adobe Systems Incorporated. Adobe Systems Incorporated
>>> grants permission to use this code in Type 1 font programs, as long as the
>>> code is used as it appears in this document, the copyright notice remains
>>> intact, and the character outline code included in such a font program is
>>> neither copied nor derived from character outline code in any Adobe Systems
>>> font program.

This license looks pretty non-DFSG-free to me, and it applies at least 
to the makeblendedfont array in fontforge/othersubrs.c.

Even more depressing, the makeblendedfont array in othersubrs.c actually 
has a modified comment (correcting a mistakenly copy/pasted buggy 
comment from the code in the PDF!) which potentially means that it is 
itself in violation of Adobe's restrictive license.

I'm not really sure what to do about this other than to open an RC bug 
against fontforge, which this e-mail should do :(

We could probably make a new dfsg-free "clean" upstream tarball that is 
still capable of building fontforge binaries by ripping out big chunks 
of this file (i haven't tried it yet), but i don't know what that would 
do to fontforge's ability to do Type1 font generation.

Another approach would be to move fontforge from the main archive to the 
non-free archive; but it seems like that would relegate many of our font 
packages to contrib, due to build-dependencies. :(

I'm open to other suggestions; i would be overjoyed, in fact, to hear 
other suggestions.  Does anyone have any proposals?


More information about the Pkg-fonts-devel mailing list