Subject: Policy-Discussion
List archive
- From: Michael Tänzer <michael.taenzer AT cacert.org>
- To: cacert-policy AT lists.cacert.org
- Cc: Ian G <iang AT cacert.org>
- Subject: Re: CACert Root Distribution for Fedora
- Date: Tue, 01 Nov 2011 20:00:50 +0100
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Openpgp: id=9940BEF1
Hi,
On 01.11.2011 15:26, Ian G wrote:
> On 1/11/11 12:32 PM, Michael Tänzer wrote:
>> On 31.10.2011 23:03, Lambert Hofstra wrote:
>>> Well, it's a difficult concept... It's "free" as in "free beer" (you
>>> don't have to pay for it) but not "free" as in "no obligations" (you
>>> have to accept the CCA).
>>>
>>> The whole concept is to protect the community, so that it can stay
>>> "free" (no cost involved) and still be of a certain value for the users.
>>>
>>> Imagine we provide the certificates for free, without any assurance.
>>> Then you can distribute the root under GPL or whatever, because there is
>>> no claim whatsoever. However, it would be of no value to the user.
>> ... As
>> far as I understand from my amateur view the "you may not rely" part is
>> similar to this no warranty clause and the CCA poses this additional
>> agreement that introduces reliance.
>
> Yes, that's more or less it. Other CAs are the same, they have Relying
> Party Agreements.
>
> They just don't tell you that there is an absence of permission. We
> wrote the policies to be non-deceptive. So we have to tell people. Is
> all...
What seems to be the problem is that the License contains the phrase
"THIS *LICENSE* SPECIFICALLY DOES NOT PERMIT YOU TO RELY UPON ANY
CERTIFICATES ISSUED BY CACERT INC." (highlighting by me). This could be
interpreted as "if you rely without a separate agreement, the license
will be void", with "license" being the copyright part of the license. The
problem is that two aspects are mixed in this license, the copyright
part and the warranty disclaimer, and in this case it might seem that
one thing has an influence on the other, although I think it wasn't meant
that way. I think it was meant that CAcert Inc. doesn't give you the
permission to rely on the cert without entering into a separate
agreement. That has almost no effect on NRPs because I can't forbid
anything without having any contract with you, but if you do anyway, at
least it's totally clear that CAcert can't be the one to blame because
it explicitly didn't allow you to rely beforehand. AFAICS it was not
meant to say "if you rely anyway you will immediately have to wipe the
cert from your computer because the copyright has been voided".
So if that is indeed the misunderstanding here, we have two possibilities:
a) clarify the license in that respect and work together with RedHat
legal to see whether that would actually get us anywhere
b) write an official clarification without changing the license (I don't
know whether that is possible legally)
Cheers,
--
Michael Tänzer
CAcert Support Team Leader