
Github became the web's largest font piracy site (2017) - plibither8
https://pixelambacht.nl/2017/github-font-piracy/
======
gregmac
If I use a commercial font as part of my website design, I am in fact
publishing that font on my site and anyone can obtain a copy of it -- in fact,
they automatically do merely by visiting my site! Does this mean all my
visitors are "pirating"? Of course not. Github may make the font more
accessible/searchable, but that doesn't change anything about the copyright
status of the font.

Me publishing something on Github does not grant everyone free rights to it --
in fact, copyright law says no one has rights to it unless I _specifically_
grant those rights. This is most commonly done with a LICENSE file. The
copyright rules apply to everything in the repository, including my code, and
any fonts, icons or stock images. The fact something is on Github (or the
internet, in general) doesn't make it public domain, you still have to abide
by the license terms.

While I think the suggestion that "on github" = "piracy" is stupid, I could
see a couple things that could apply:

(1) If the license for the font explicitly states it's for "use" or
"distribution" on a single domain. Unless the license is clear about it, it'd
really be up to lawyers to argue over whether hosting the code in a public
repository on Github can be considered "use" or "distribution" \-- and
ultimately that argument is about one non-authenticating public URL being okay
while another non-authenticating public URL is not.

(2) If I've put a commercial font in my repository along with a typical
LICENSE file containing MIT/GPL/BSD/whatever without explicitly stating the
fonts are not under that license, then I'm basically mis-representing the
license for that font (which I should not be allowed to do).

Given that putting a font on Github is technically no different from
publishing on my site in terms of someone being able to 'pirate' it,
personally I think a Github repository with a proper license (not doing (2))
is fine, because the LICENSE file effectively says it's _not_ okay to just
copy that font.

~~~
roywiggins
Font licenses are pretty clear about what you are and are not allowed to do
with the font files you downloaded. For instance, you're not allowed to zip
them up and post them on filesharing sites. It does not matter _at all_
whether you include a LICENSE file saying "this is a nonfree font."

The problem is _not_ that you're misrepresenting the font as copyleft when it
isn't. The problem is that you simply don't have a license to redistribute the
font at will: merely uploading the font to a public GitHub repo violates the
license.

You have the right to serve the font from your webserver, and link it into
your site via CSS. You absolutely have not been granted the right to
redistribute the font in any other manner.

If you post a page on your site with "Like this webfont? Download here!" and
link to the same URL that you are using to host the font for display purposes,
you'd be violating the license. It's the same exact URL, but you can't post a
clickable download link to it. It's not allowed, and if you do, they can at a
minimum yank your license to use it at all.

[https://processtypefoundry.com/help/base/webfont-license-
agr...](https://processtypefoundry.com/help/base/webfont-license-agreement/)

Editing to add: trying to solve the problem by adjusting your LICENSE file is
roughly equivalent to the "I don't own this!!" disclaimers that people put on
YouTube uploads. They get DMCA'd just the same.

~~~
adanto6840
The intent often matters, but there's clearly a huge difference between your
example of a "download here!" link and usage on either a website or within a
GH-hosted repo.

When you say 'the right to serve the font from your webserver' \-- in this
case, 'your webserver' may simply be GitHub's web-server, a service they
provide to you as part of your payment to them (either because it's part of
the app you host on GH, or as a piece of the website hosted via GH Pages
[0])...

Assuming that the font's usage for the repo'd app/site is OK per the license
terms, then I'd be surprised if its availability in the repo would solely
cause it to fall out of compliance with the license. I suppose that the
licensor could, if they chose to do so, specifically include terms to preclude
the usage of the font on any sites hosted with "repository or other open file
listing indexes", or any other similarly restrictive arbitrary terms.

0 - [https://pages.github.com/](https://pages.github.com/)

~~~
roywiggins
The license I linked expressly forbids "distribution of the fonts through file
sharing services and online version control repositories accessible by the
public"

It would be the same if you publicly hosted a zip file containing your site's
contents, including the fonts. Or offered an open read-only FTP account to
your /web/ directory. Or any number of ways to make the font available
publicly that isn't via a web browser making a request triggered by a CSS
rule.

If it's a _private_ repository, I expect you'd be in the clear, since it's
just acting as a very fancy webhost, and you can obviously upload your fonts
to your webhost.

~~~
adanto6840
Indeed, it does. :)

In that case, it seems as though the rights-owner should simply take the
standard route (even if suboptimal) to enforce their rights -- given the
volume, they could likely work out a much better way to protect their IP (or
automate it, in the worst case).

I'd be a little bit surprised if they cared a whole lot, given that finding
the fonts is trivial for the reasons stated above. Almost comes across blog-
spammy at that point, heh.

------
Gracana
What's the difference between putting webfonts on your public website vs
putting them on your public github? This seems like a distinction that only
lawyers would care about, but I'm not a web developer (and I don't know much
about webfonts) so maybe there's something I'm missing.

~~~
wnevets
IANAL but I believe you may have a license (paid money) to use the font on
your site but you may not have a licence redistribute the font. You paid for
the right to air the latest UFC fight at your bar but that doesn't grant you
the ability to sale DVDs of it.

However a user of yours could just download the font from your web server or
record the fight on their phone.

~~~
c3534l
But it's not like a webpage renders an image for you and then you rend an
image: you send the user a font so that they can render the page themselves
with that font. It's being distributed either way.

~~~
toomuchtodo
Correct. Article OP is making the argument for a font to be treated as a
secret when it is not a secret. Intent and context is important; users aren't
putting them up on torrent sites in this case, but simply storing them
alongside the rest of their assets in source control.

EDIT: TLDR Downloading a publicly available font you don't have a license to
use violates copyright.

~~~
roywiggins
Accidentally exposing a folder of copyrighted font files over FTP would
probably technically violate the license, even if it was by accident. You're
serving the files outside of the licensed use (serving and rendering a
webpage).

Same as if you accidentally exposed to the internet your home server of
legally-created DVD backups. You'd still be violating the license under which
you bought the DVDs.

~~~
toomuchtodo
Show me an attorney willing to pursue accidental violators for damages,
especially when the asset in question is intended to be publicly served in the
course of its use.

I would genuinely be interested in case law's stance on this. Also interested
in what happens to the value of non-public domain fonts if you require the
digital asset to be handled as a secret (and all of the hassle that goes along
with that).

~~~
wnevets
>Show me an attorney willing to pursue accidental violators for damages,
especially when the asset in question is intended to be publicly served in the
course of its use.

There are some pretty sleazy lawyers out there.

[https://www.huffpost.com/entry/grandmother-sued-
downloading-...](https://www.huffpost.com/entry/grandmother-sued-downloading-
porn_n_900484)

~~~
toomuchtodo
Usually the sleaziest are dealt with accordingly, but it is a fair point.
Anyone can be sued for anything.

[https://arstechnica.com/tech-policy/2019/07/prenda-law-
porn-...](https://arstechnica.com/tech-policy/2019/07/prenda-law-porn-troll-
saga-ends-with-prison-for-founder/)

------
stefan_
Wait until they find out that when people visit the finished website in their
browser, it will download the font! Oh the piracy!

Just like in the real world, someone handing you the keys to their car doesn't
mean you own it.

~~~
sp332
The legal issue is with the repo owner putting it in the repo. The problem is
that it's a violation of the copyright _license_ , that's the only reason it's
an issue. Downloading the font file from the website is included in the
license, so it's fine.

~~~
bryanrasmussen
If the repo is the source for the website then the license is de facto
forbidding people from open sourcing their websites if they pay for a font for
it.

However the license does not explicitly limit the tools you can use to build
the website, and the website is allowed by the license to have the font. The
argument could be made by licensing the font for a website they have
implicitly licensed it to be on github because it is a widely used tool for
managing the source code of websites and if they (the font owners) wanted to
restrict its usage they should have specified.

~~~
ocdtrekkie
Either: You can open source the website without the font and say you open
sourced your website, or if you consider the font part of your website, it
means your website isn't open source... even if you put it on GitHub. Because
it's a copyright violation for someone to use that font.

Your best bet is to just use open source fonts, of which there are numerous.

~~~
bryanrasmussen
I think in the end as to whether or not you can put the font in your website
and have it public on github (which is not necessarily the same as not
encumbered by licensing issues) will need to be determined by the courts when
and if someone wants to test the issue.

~~~
roywiggins
What if the license explicitly forbids you putting it on GitHub?
[https://processtypefoundry.com/help/base/webfont-license-
agr...](https://processtypefoundry.com/help/base/webfont-license-agreement/)

~~~
bryanrasmussen
if the license explicitly forbids it you better not do it as I noted above.
but if the license does not explicitly forbid then I think you have an
argument that putting your website code on github is pretty common practice.

~~~
roywiggins
By default you don't have any distribution rights _at all_. None. You just
have a bare font file that you can't share with anyone else.

That's not very useful, so the license says "you may distribute this font file
as part of a website; you must be using this font to style a webpage. Any
other kind of distribution at all is still prohibited." There's no "common
practice" exception- just because they open up a little window that allows you
to distribute the font in a particular manner doesn't mean they've
accidentally given you the right to distribute it according to "common
practice."

Sharing MP3s on P2P sites is also a common practice, but obviously you don't
have a license to do that when you buy a CD.

~~~
bryanrasmussen
well I'm not a lawyer, and my American business law classes I took are now
more than 20 years ago, but as I recall there are common practice defenses if
those practices are in relation to something the contract allows you to do.

So the argument would go as follows:

the contract says "you may distribute this font file as part of a website; you
must be using this font to style a webpage. Any other kind of distribution at
all is still prohibited."

We have used this font to style a webpage, as is industry practice we have
placed the font in our site code, which is stored on github, which is also the
most widely used tool for distributing website code. The website code must be
distributed in order for the purpose of the license to be fulfilled -
obviously the font cannot be distributed as part of a website if the website
itself is not distributed.

At that point the court will have to determine what distribution of a website
means, if the font to be distributed as part of the website means that the
website will need to be distributed, and if github is so commonly used that
the license giver neglecting to mention it have given tacit approval to its
usage.

Aside from all this if one wanted to contest the issue the court would have to
determine if the font being in your github repository is you distributing it
just because someone else can fork it. For another silly analogy, just because
you put your beer on the table, walked outside, and a kid came in and drank
the beer, doesn't mean you sold liquor to a minor.

Perhaps I'm wrong but it doesn't seem as open and shut as everyone wants to
argue, unless there is specific prohibition of github in the license in which
case there is no longer a case to be made.

------
dbg31415
Funny story, I was working with an enterprise-sized company, a major telcom,
and we found out that we had used the "wrong" version of the font everywhere.
The original font was like "My Font" and the font we had used was the "Pro My
Font" that had a bunch of extra symbols and such in it and was higher-priced.
But we used it everywhere, for years. And it would have been a huge hassle to
change it all. So we emailed the designer and were like, "Look, we didn't
intend to screw you, but we also didn't really budget the $450k in estimated
licenses we'd need here... how about we pay you like $30k extra and call it
good?"

Anyway, long story short, the small-time designer guy was thrilled to get
$30k, and turns out he wasn't at all even monitoring for pirated versions of
his font anywhere... he didn't have any idea who had bought his font, so to
him it was just some random big company offering to give him free money. The
places that sell fonts should do a better job of passing on payment
(obviously) to designers, but also a list of who bought their fonts so they
can take some pride in knowing where their designs are being used.

------
jchw
Interestingly, typefaces are not copyrightable in the US, though fonts, being
computer code, can be. Not sure how this influences the situation, though.

~~~
Nextgrid
Wouldn’t it then be legal to make your own font (so you own the copyright on
the computer code) representing a commercial typeface?

~~~
pavlov
Yes. That’s why Windows bundled Arial instead of Helvetica. Although the
design of Arial is slightly modified, it’s fundamentally a straightforward
Helvetica clone with metrics compatibility (you can plug it in a layout in
place of Helvetica and not break anything).

~~~
c3534l
You have it wrong. Arial was created to not have to bother with
_international_ typeface laws as a legally distinct Helvetica. Apple just paid
the licensing fees in those countries where they were required to.

~~~
bduerst
You are both right:

[https://en.wikipedia.org/wiki/Helvetica#Arial_and_MS_Sans_Se...](https://en.wikipedia.org/wiki/Helvetica#Arial_and_MS_Sans_Serif)

------
jzunit
Been doing searches for "site:github.com <fontname>.ttf" for years.

This is a feature not a bug.

~~~
Brendinooo
Yikes. You ever try making a font? Do you know how many hours it takes and
what kind of profit margins you're eating into?

~~~
jzunit
The profit margins we are eating into is exactly ZERO. Why? because if most of
the time i need to actually pay for it, i'll just use the cheaper alternative:
Google Fonts.

There will be times when I need to use this font and make something that will
go live. That's the time to buy a font.

If font making is not profitable, then don't make fonts.

~~~
Brendinooo
This attitude is absolutely bonkers.

Someone is making a product and telling you what you can and cannot do with
it, and then you decide that none of that applies to you, because...I don't
know, you're entitled to use it if you happen to see it?

"There will be times when I need to use this font and make something that will
go live. That's the time to buy a font." \- that depends on the license that
the font foundry grants you.

"If font making is not profitable [due to lost sales via piracy], then don't
make fonts"...some kind of mental gymnastics there. "I will take freely from
you and if you can't afford to let me do that, it's your fault for making it
in the first place" is a tough ground to stand on.

~~~
jzunit
Most of the people who are taking your fonts are also making a product. We
understand the need to make a living and the difficulty of making a product. I
hope you get paid for what you do but you don't get to decide the market size
for your product when it is a digital good. The market does.

There is a market for paid specialty fonts used on a website. People should
pay for that. However, there is not much of a market for paid fonts used in
Sketch when developers and designers are testing out different concepts they
MIGHT use in production. You complaining that you are failing to monetizing
off that non-existent market is completely bonkers for me.

The ground I stand on is reality. You're living in a fantasy land where
musicians still get paid big dollars for records and where journalism is a
lucrative career.

~~~
Brendinooo
> You don't get to decide the market size for your product when it is a
> digital good. The market does.

"It's easy for me to acquire content against the content creator's wishes,
therefore I should dictate the market."

> There is not much of a market for paid fonts used in Sketch when developers
> and designers are testing out different concepts they MIGHT use in
> production.

Never said there was. There's an easy solution: don't take a font that doesn't
belong to you.

This all boils down to "I want something and don't want to pay what the
creator thinks it's worth." It's disrespectful, and it's straight-up
entitlement. Just don't use the font. Nobody owes you a particular typeface.

> The ground I stand on is reality.

The reality is that it's easy to do the wrong thing here, so you do it, then
try to pretzel your way into thinking that it's not morally wrong. Think
someone's overcharging? Then don't buy the product.

~~~
jzunit
The reality is that most people like myself are continue to do this regardless
of your morality rant. The problem is that your morality argument is based on
licensing terms and the legal system. The internet has its own morality that
is somewhat untethered to legality: use what you can get, pay for what you
feel you should. You can claim that this violates copyright or morality but
people vote with their clicks and git clones - there is nothing you can do to
change that.

And you can scream and write these type of blog posts all you want but really
it just ads to the Streisand effect. You think this blog post net increased or
decreased the awareness and use of github as a source of fonts?

~~~
Brendinooo
> The internet has its own morality that is somewhat untethered to legality:
> use what you can get, pay for what you feel you should.

I see you chose more of a passive tone here, as though you're just a cog in
the machine, totally helpless and unable to take action on your own.

The Internet is what people make of it, in part based on the sum of individual
choices.

> And you can scream

Not screaming.

> it just ads to the Streisand effect

Possibly. Maybe it alerts GitHub devs to the problem and they try to come up
with a solve. If font creators read it, they can work with repo owners to get
things in order. For my part, it pointed out a problem that I can take steps
to mitigate in the future with my own repos.

Anyways, obviously I can't stop you or anyone else from taking digital goods
at will. But in part, I wish that people would be more transparent about their
motives instead of talking themselves into thinking that they're not actually
doing something wrong.

Just say "I take things that don't belong to me because I deserve to have
them, it's easy to do so, and I won't get in trouble". At least it'd be an
honest assessment.

------
open-source-ux
What a depressing thread. The general consensus (at the time of submitting
this comment) is that posters don't care if commercial fonts are hosted on
GitHub in violation of their licence.

Many professional fonts are the work of a single type designer who may have
spent thousands of hours creating the typeface. Modern typefaces can have a
dozen or more weights and hundreds of glyphs.

It's hard work and time-consuming to create a professional type family. It's
depressing to come here and see how little people care for the work of other
professions.

~~~
darkpuma
Nobody is entitled to a flawed business model. Not developers of proprietary
software, and not designers of proprietary typefaces.

------
mcrider
I've been doing this for years -- Its a PIA dealing with each font foundry's
DRM system and getting it to work on my local dev environment. When I go live,
I deal with it but its also such a hassle to get clients to pay for a font,
give me the required info to use the foundry's DRM, etc. I bet if a foundry
used an honor system (give fonts away for free, charge a per-site license for
commercial use) they'd still make a profit and not have to deal with complex
DRM systems (and make it more likely for designers and developers to use their
fonts).

~~~
ryukafalz
Wait, this is a thing?

If I were ever asked to install some DRM to render a font I'd nuke that thing
from my system in a heartbeat.

~~~
mcrider
I use the term DRM loosely (possibly incorrectly!). What I mean is that most
font foundries make you include a CSS or JS file that only loads the requested
fonts for a domain or domains you specify in their backend.

------
skilled
I'm guilty of having searched GitHub's repositories for fonts I like. Using
them for personal projects and wouldn't mind paying for a license if I end up
loving it.

Though, it begs the question: who and how will find out that you simply
borrowed the font?

~~~
mattkevan
They can and do find out.

I used to work for a company that got hit up by Monotype for a six figure fine
to pay for using one of their fonts. The previous head of design hadn’t
bothered to sort tricky things like paying for fonts, mainly, I think, because
he knew senior management wouldn’t spring for it.

We switched them out for free alternatives and negotiated down the fee, but
they still had to part with a good amount of cash.

~~~
cwkoss
Companies which depend on IP trolling for their primary revenue always end up
being extortionists who drain society without producing further value.

~~~
mattkevan
As one of the world’s largest type foundaries I wouldn’t say that Monotype
doesn’t provide value.

They had us bang to rights for using one of their fonts on a site with over
1bn annual pageviews without a licence.

------
cogburnd02
Let's all just take a moment to remember that the design of fonts (in the US)
is NOT copyrightable. The only reason vector fonts are copyrightable at all is
a raging dumpster-fire called Adobe v Southern. [1] [2]

The case itself says this: "defendants contend that the numerical reference
points that define an outline of a glyph are unprotectable as a matter of law"
but then "the court finds that the Adobe font software programs are
protectable original works of authorship."

Note: when they say "font software programs" here, they simply mean a vector
(say, ttf) font file rather than a bitmap (say, bdf or pcf) font file.

David 'Novalis' Turner probably put it best when he wrote this: "A font face
-- that is, the look of a font, is not copyrightable... But font 'programs'
(truetype fonts, for example) are. Another ruling has extended the definition
of 'programs' to include certain outline data. Why this outline data is not
equivalent to a font face, nobody knows." [3]

[1]
[https://web.archive.org/web/20100522133154/http://lw.bna.com...](https://web.archive.org/web/20100522133154/http://lw.bna.com/lw/19980303/9520710.htm)

[2]
[https://en.wikipedia.org/wiki/Adobe_Systems,_Inc._v._Souther...](https://en.wikipedia.org/wiki/Adobe_Systems,_Inc._v._Southern_Software,_Inc).

[3]
[https://www.fsf.org/blogs/licensing/20050425novalis](https://www.fsf.org/blogs/licensing/20050425novalis)

------
JohnTHaller
Github is home to a ton of pirated content. Including closed source binaries
repackaged in violation of the publishers' licenses. But Github won't do
anything unless the copyright-holder submits a DMCA takedown notice.

~~~
akersten
As it should be! That's the most beautiful part of the DMCA, allowing sites to
operate without having to police every bit of user-uploaded content, only
requiring that violations are removed after having been alerted to them.

Could you imagine an upload filter or moderation queue before you were allowed
to push code to GitHub?

------
jrockway
Yeah I'm a big fan of people's dotfile directories for trying out fonts. I
remember some HN discussion about a proprietary font that was pretty good for
programming. I was on the fence on whether or not I wanted it, just by looking
at screenshots. So I used Github search to find someone that dumped it in
their home directory, downloaded it, and tried it out. I hated it! So I saved
money thanks to this piracy. (I use Iosevka now. Wow it's good.)

------
lol768
Don't PDFs and Word documents embed fonts, too?

~~~
roywiggins
Yes, and if you embed a font that you licensed as a webfont, you've violated
the license. [https://processtypefoundry.com/help/base/webfont-license-
agr...](https://processtypefoundry.com/help/base/webfont-license-agreement/)

~~~
lol768
My point is, if you have a desktop license (which is fine to use in print)
you'll be "redistributing" it in much the same way as a website which uses
@font-face and serves you the font files.

~~~
roywiggins
Well the difference is that the license will actually say that you can embed
the font in documents you produce. As far as the license is concerned,
emailing a document with the font embedded is a different thing from zipping
the bare font and sharing it on BitTorrent is a different thing from embedding
it on a webpage. You can burn a CD with your documents on it and share it, you
can't burn a CD with a bunch of bare font files and share that. Even if the
same exact bits end up written to the CD in both cases.

The technicalities, as far as the license is concerned, are not really the
point. It's not about whether you're physically sending the bits of the font
over the wire, but the whole context in which you're doing it.

------
pmoriarty
I've always found it interesting how the term "piracy" has been mostly
unquestioningly accepted by the media as the appropriate term to use for
copying, which arguably doesn't steal anything (unlike what has traditionally
been known as piracy before the digital age).

~~~
the_pwner224
Sharing is an even better term than copying; spreading information like this
actively creates value by exposing more people to these ideas and designs.

Not that I don't think the foundries should get paid for their work - I don't
have a fully formed opinion on this. But there is a definite upside to sharing
information freely, and this is better than mere copying.

~~~
floatboth
Just like all software, there's a lot of Free Software fonts and that's not
incompatible with money.

For example, back in 2012, I supported three SIL OFL licensed fonts on
Kickstarter:

[https://www.kickstarter.com/projects/typesenses/font-
design-...](https://www.kickstarter.com/projects/typesenses/font-design-
euphoria-script) [https://www.kickstarter.com/projects/impallari/fast-brush-
sc...](https://www.kickstarter.com/projects/impallari/fast-brush-script)
[https://www.kickstarter.com/projects/marcelommp/folk-is-a-
gr...](https://www.kickstarter.com/projects/marcelommp/folk-is-a-great-font-
lets-complete-it)

------
applecrazy
There should be a (2017) in the title. Thought this was something new.

------
tripzilch
I get why they're worried but really the problem started with web fonts.

The font file is published on the web page itself, just like the images, CSS,
etc. So everybody could already grab it from the web page itself, and in fact
this is what the browser does automatically, in order to render the font. It's
the whole point.

It doesn't really matter if it's committed to public github.

------
chaosfox
I wonder what would happen if the copyright holder of helvetica sent a DMCA
notice to github.

~~~
JorgeGT
Well, this repository mentioned in the article comments got DMCA'd:
[https://github.com/r4in/typefaces](https://github.com/r4in/typefaces)

------
OrwellianChild
This is kind of an adjacent question, and likely a very basic one, but if I
wanted to avoid linking out to a web font repository by properly licensing one
and self-hosting it, what even _is_ the correct procedure?

------
gingabriska
Why not fetch the fonts from the source they list as a part of the build
process?

That way you aren't distributing but pointing the interested ones to the
source website.

Or am I missing anything here?

------
King-Aaron
Wow, I never thought of stealing fonts via github.

Thanks, Barbra Streisand.

------
JackFr
Ironically I found the typeface of this post to be poorly rendered,
distracting and less pleasant to read than the usual web fare.

------
mesozoic
Ah the old archaic copyright system butting heads with reality.

------
ouid
This article is: 1) pedantic 2) wrong 3) about fonts 4) written by a copyright
narc

I simply do not understand its presence or popularity here.

------
jancsika
Is this "piracy" in the sense of Disney's "Pirates of the Caribbean?"

Like, Github is taking an niche subject matter, packaging it up for a more
general audience, and then distributing it worldwide?

~~~
ketralnis
No? This is taking copyrighted material owned by somebody else and
distributing it to people that haven't paid for it.

~~~
alunchbox
From a legal standpoint, based on the article most of these developers are
keeping the fonts in their assets (debatable if this is good or not).For
public repositories, not to be malicious and be offer free fonts... How much
trouble would they be in?

I Assume this is probably possible for FontAwesome premium icons as well ?

Having the server host the assets is probably the best solution (same rep) but
if it's not in Git then it needs to be managed in the build for other open
source developers. What's the _Correct_ way of handling this situation?

~~~
yjftsjthsd-h
> it needs to be managed in the build for other open source developers. What's
> the Correct way of handling this situation?

I would rather expect an open source project to use open-source fonts in the
first place, not least because it makes this precise problem a non-issue.

