Policy-Discussion

[Philipp Dunkel <p.dunkel AT cacert.org>]

I just left a rather lengthy comment on that bug and offered myself as a 
point of contact to explain the situation and intricacies to them from our 
POV. 

Maybe we can get somewhere with this. If not, at least we showed that it's 
not us being uncooperative.

Regards, Phil

On Oct 31, 2011, at 4:39 PM, Bruce Alspaugh wrote:

> You're right that they really are confused.  Take a look at their bug 
> report:
>  
> https://bugzilla.redhat.com/show_bug.cgi?id=474549
>  
> Bruce
> On Sun, Oct 30, 2011 at 6:50 AM, Ian G 
> <iang AT cacert.org>
>  wrote:
> Well, after tussling with their non-free wiki pages for a while, I finally 
> got to post a comment that explains the CAcert position on licences:
> 
> https://fedoraproject.org/wiki/Talk:Licensing/CACert_Root_Distribution_License
> 
> Unfortunately it is too hard for them to understand.  The basic flaw in 
> their assumption is that the root key is "software" and therefore could be 
> GPL-compatible.  This is wrong....
> 
> We'll see if anyone nibbles over at Fedora :)
> 
> iang
> 
> PS: what is the difference between Fedora and RedHat?
> 
> 
> 
> On 30/10/11 04:56 AM, Bruce Alspaugh wrote:
> On Sun, 2011-10-30 at 04:25 +1100, Ian G wrote:
> On 30/10/11 03:06 AM, Bruce Alspaugh wrote:
> I ran across this link where Fedora seems to think that the liability
> disclaimer in the CACert Root Distribution License amounts to a use
> restriction:
> 
> https://fedoraproject.org/wiki/Licensing/CACert_Root_Distribution_License
> 
> Would it be possible for CACert to amend the license in such a way as to
> make it acceptable to Fedora so it could be included?  Has anyone talked
> to the lawyers at RedHat as far as what changes they require?
> Yeah, the RedHat people are thinking that the root key is open source,
> and therefore should have an open source licence.
> 
> What they don't understand is that a root key comes with special
> circumstances that don't match the source world.
> 
> There was an attempt to talk to them about a year ago ... but the
> problem is unless you actually get people who understand licensing and
> CAs together, it won't work.
> 
> What you should ask them is why they distro other CA's roots when their
> terms include similar disclaimers and far worse other situations.
> 
> iang
> Perhaps the lawyers from the Software Freedom Law Center (SFLC) might be
> willing to help CACert to sort out this issue with Fedora/RedHat.
> 
> http://www.softwarefreedom.org/
> 
> It seems to me that much of the value of a CA comes from having the root
> keys built in.  Who knows, maybe the SFLC lawyers might be willing to
> help CACert on inclusion in other distros, browsers, Java, passing the
> Webtrust audit, etc.?
> 
> Bruce
> 
> 
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature