Simon Huggins wrote:
On Thu, Jun 16, 2005 at 01:03:52AM -0400, Eric Dorland wrote:
* Simon Huggins ([EMAIL PROTECTED]) wrote:
Well actually to some degree they've already done this. Recently the
CAcert (www.cacert.org) project's root CA made it into our
ca-certificates package. However I can't have Firefox use that as a
root CA by default and still use the trademark:
http://article.gmane.org/gmane.comp.security.cacert/2752
This seems like a pretty unacceptable to me.
Hmm. That almost sets a precedent for stopping any changes they don't
like via the blunt tool of the trademark license.
I'd appreciate it if I was CCed on all parts of this discussion, as I'm
not a member of debian-devel. Thanks to Simon for bringing me back in here.
I'm sure you are aware of the significant risks to users associated with
adding a root certificate to a browser store.
However, having consulted carefully with my mozilla.org colleagues on
this issue, it's not as black and white as I made out in the original
post to the CACert list. Consequently, I would very much like to hear
more about Debian's policy and procedures for vetting certificate
authorities who wish to have their roots included in the Debian store.
With regard to the "blunt tool", the point of a trademark licence is to
exercise some control over what gets labelled "Firefox". If Debian were
able to make arbitrary changes we didn't like and still use the
trademark, there would be no licence! :-) And adding a new root cert is
in an entirely different category to e.g. patching Firefox to put its
profile somewhere which fits in with the Debian FHS.
Gerv
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
