Ubuntu
msttcorefonts package

msttcorefonts installs non-free fonts automatically and doesn't ask if user agrees with license

Bug #84453 reported by Mantas Kriaučiūnas
6
Affects Status Importance Assigned to Milestone
msttcorefonts (Baltix)
Confirmed
Medium
Mantas Kriaučiūnas
msttcorefonts (Debian)
Fix Released
Unknown
msttcorefonts (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: msttcorefonts

msttcorefonts installs non-free fonts without asking the user if he agrees with license and wants to install non-free fonts *now*.
It's very important to display MS TrueType fonts license, ask the user if he agrees with the license and wants (and has the ability) to install these fonts *now* and install real fonts only when user answers "yes" to these questions.
msttcorefonts package description is "Installer for Microsoft TrueType core fonts" (long description is "This package allows for easy installation of the Microsoft True Type Core Fonts for the Web"), so when the user installs this package, he thinks, that he is installing only *installer for MS TrueType fonts*, but starting from some msttcorefonts 1.x version, user gets not only installer, but also all the fonts installed automatically, without asking if user wants to have these fonts now :(
All similar packages (installers for non-free software, like flashplugin-nonfree), displays the license, asks the user if he agrees with the license and wants (and has the ability) to install these fonts *now* and really installs the fonts only if user answers "yes" to these questions.
This problem is very serious, as legal problems may occur (for user and even for Canonical). For example I or some company will distribute lot of Ubuntu-based OS CDs with msttcorefonts package (only with MS fonts installer) for schools, but currently the CDs would also contain the fonts (as fonts are installed automatically, without questions), so I can get law issues, because MS TrueType fonts are not free for redistribution in removable media (and in unpacked form)...

Revision history for this message
Thijs Kinkhorst (kink) wrote :

As with all packages, the copyright and licence conditions are in /usr/share/doc/msttcorefonts/copyright. This has always been the case.

It doesn't make sense if each package is going to prompt for this. I propose to close this bug.

Revision history for this message
David Morris (dave-greenacre) wrote :

the fonts aren't distributed within this package, they are download by the user when the downloaded package is run

Revision history for this message
Thijs Kinkhorst (kink) wrote :

Why is that a difference in a legal sense?

A package can also e.g. be limited to non-commercial use only, even though its binaries are just packaged within the distribution. We do not prompt the user to tell them this non-commercial restriction. I do not see what the crucial difference is between a downloader package and prepackaged binaries. In both cases it has been verified that the files in question are indeed legally distributable.

Revision history for this message
Dax Solomon Umaming (knightlust) wrote :

Thank you for taking the time to report this bug and help make Ubuntu better. However, I do agree that this is just a script and the fonts aren't distributed with this package. I am closing this bug as Won't Fix. Please feel free to reopen this bug report if you're still affected by it.
Thank you.

Changed in msttcorefonts:
status: New → Won't Fix
Revision history for this message
Dax Solomon Umaming (knightlust) wrote :

Changing Status of msttcorefonts (Baltix) to Invalid.

Changed in msttcorefonts:
status: New → Invalid
Revision history for this message
Mantas Kriaučiūnas (mantas) wrote :

Please don't close Baltix bugs, reported by main Baltix GNU/Linux developer...

Changed in msttcorefonts:
assignee: nobody → mantas
importance: Undecided → Medium
status: Invalid → Confirmed
Revision history for this message
Mantas Kriaučiūnas (mantas) wrote :

This bug is confirmed by several people, see for example debbug #461926 :

From: Roman Mamedov <email address hidden>
Subject: Severe problems on machines without (or with expensive) Internet access
Date: Mon, 21 Jan 2008 19:22:18 +0500

Package: msttcorefonts ; Version: 2.4

With the current version of the package:
- The user is not asked about whether or not s/he wants to download the font files from the Internet right now;
- The user is not given a way to supply the font files cached locally.
- When installing the package on many machines in a LAN, the fonts will be each time downloaded from the Internet, and there's no clear way to avoid that;
- There is no clear way to uninstall the half-installed package without letting it to download the fonts.
The "apt-get remove" operation tries to download them, and from the user point of view there is no way to avoid that.

Changed in msttcorefonts:
status: Won't Fix → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in msttcorefonts:
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in msttcorefonts:
status: New → Fix Released
Revision history for this message
Thijs Kinkhorst (kink) wrote :

I do not agree with this. The package description clearly states:

 "You will need an Internet connection to download these fonts if you
 don't already have them."

Also, the debconf templates include this information and the ability to abort:

 "If you haven't yet downloaded these fonts, leave this blank and the fonts
 will be downloaded for you. Approximately 4 MB will need to be downloaded.

 If you are not connected to the internet or do not wish to download these
 fonts now, enter "none" to abort."

About the LAN-installation: there is in fact a good way to avoid that, and that is to specify a directory where the fonts can be found when presented with the msttcorefonts/dldir debconf question. This is intended exactly for such purposes.

The uninstallation problem has meanwhile been fixed.

Concluding, I don't think there's anything we can fix here.

Changed in msttcorefonts:
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.