On Sat, Nov 03, 2012 at 03:28:08PM -0500, Michael Shuler wrote: > Control: severity -1 serious > Control: tags -1 pending
> (Setting to serious, due to policy violation) > After reading the -legal thread, comments above, the CAcert mailing list > thread, the Fedora explanation, and carefully reading the licensing > myself, the cautious side of me says the right thing to do is remove the > CAcert certificates from the package. This change will be committed to > the collab-maint git repo shortly. > I appreciate the bug report, mejiko, and for others taking the time to > consider this issue. I will consider a ca-certificates-cacert ITP for > inclusion in non-free. Which debian-legal thread were you reading? Because the two comments I see cc:ed to this bug report from debian-legal, from Francesco Poli and Florian Weimer, both point out that *certificates are not copyrightable*. An SSL certificate is a unique representation of a mathematical fact; since it contains no creative element, copyright law does not provide for any monopoly rights prohibiting distribution. The CAcert license is therefore something we should entirely ignore, because it has no legal force. Your proposal to remove it from the package without specific legal guidance to the contrary is a gross overreaction. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
