Skip to Content.
Sympa Menu

cacert-policy - Re: CACert Root Distribution for Fedora

Subject: Policy-Discussion

List archive

Re: CACert Root Distribution for Fedora

Chronological Thread 
  • From: Ian G <iang AT>
  • To: cacert-policy AT
  • Subject: Re: CACert Root Distribution for Fedora
  • Date: Sun, 30 Oct 2011 22:50:11 +1100
  • Authentication-results:; dkim=pass (1024-bit key) header.i= AT; dkim-asp=none

Well, after tussling with their non-free wiki pages for a while, I finally got to post a comment that explains the CAcert position on licences:

Unfortunately it is too hard for them to understand. The basic flaw in their assumption is that the root key is "software" and therefore could be GPL-compatible. This is wrong....

We'll see if anyone nibbles over at Fedora :)


PS: what is the difference between Fedora and RedHat?

On 30/10/11 04:56 AM, Bruce Alspaugh wrote:
On Sun, 2011-10-30 at 04:25 +1100, Ian G wrote:
On 30/10/11 03:06 AM, Bruce Alspaugh wrote:
I ran across this link where Fedora seems to think that the liability
disclaimer in the CACert Root Distribution License amounts to a use

Would it be possible for CACert to amend the license in such a way as to
make it acceptable to Fedora so it could be included?  Has anyone talked
to the lawyers at RedHat as far as what changes they require?
Yeah, the RedHat people are thinking that the root key is open source,
and therefore should have an open source licence.

What they don't understand is that a root key comes with special
circumstances that don't match the source world.

There was an attempt to talk to them about a year ago ... but the
problem is unless you actually get people who understand licensing and
CAs together, it won't work.

What you should ask them is why they distro other CA's roots when their
terms include similar disclaimers and far worse other situations.

Perhaps the lawyers from the Software Freedom Law Center (SFLC) might be
willing to help CACert to sort out this issue with Fedora/RedHat.

It seems to me that much of the value of a CA comes from having the root
keys built in.  Who knows, maybe the SFLC lawyers might be willing to
help CACert on inclusion in other distros, browsers, Java, passing the
Webtrust audit, etc.?


Archive powered by MHonArc 2.6.16.

Top of Page