Eric Dorland wrote:
* Gervase Markham ([EMAIL PROTECTED]) wrote:
Debian already has rights that their users don't have, the most
prominent among them being to label a Linux distribution as "Debian" (or
"official Debian", or whatever it is you guys use). :-)
When I said rights, I meant rights to the software in main. That's
what Debian cares about. I should of been more clear.
So it's OK for Debian to use trademarks to protect their free software
brand, but not OK for those whose software is included in Debian?
They do have concerns about the trustability of CAcert certs. I'm
mostly convinced they're no worse than other CA's.
What we have a problem with (in the context of including the cert in
Firefox) is the fact that CAcert haven't been audited, so the risk of
including them is unquantifiable. Please see the CAcert list for recent
discussions on this topic.
Can you please point me to the document where you went and verified
that all your current CA's have been audited and met your CA policy?
We haven't yet audited the current CAs; the decision was taken (given
how long it took to develop the policy) to prioritise new CAs. Current
CAs at least have the evidence of history to back up their trustworthiness.
Here's another situation you might want to consider. What if Debian
decided one of your CA's was not trustworthy and removed it? Would
that be grounds for losing the trademark?
That's a very different issue; we have considered it, of course. The
answer would probably depend on how used the root was - i.e. how far
removing it degraded the user experience - combined with the reasons for
removal. But we haven't thought about this one as hard, because it
hasn't come up in practice.
Gerv
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
