Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=474549 Rod Montgomery <rod@xxxxxxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rod@xxxxxxxxxxxxxx --- Comment #36 from Rod Montgomery <rod@xxxxxxxxxxxxxx> 2011-02-02 15:56:21 EST --- After reviewing the CACert policy discussion archive, I offer the following summary and a suggestion to reconsider the interpretation of RDL. CACert seeks to avoid the potential liability of an end user relying on a CACert certificate without being bound by the CCA (CACert Community Agreement), which is a precondition of membership. Sascha Thomas Spreitzer proposed that CACert use a more widely-known license, CC-BY-ND, to distribute the root certificates. https://lists.cacert.org/wws/arc/cacert-policy/2010-06/msg00151.html This license does not specifically mention reliance. For this and other reasons, the policy discussion did not find consensus to adopt CC-BY-ND. CACert resolved to use the Root Distribution License (RDL), as mentioned in Comment 21, and further discussion of CC-BY-ND and 3pv-DaL ceased. https://wiki.cacert.org/PolicyDecisions#p20100710 RedHat Legal interpreted the RDL to have a use restriction which blocks this bug. Without some reconsideration, it appears that Fedora and CACert have created an impasse. May I suggest that RedHat Legal reconsider the interpretation on the grounds that: a) the RDL language "specifically does not permit" is not the same as "prohibits." CACert disclaims express or implied warranties, and specifically withholds permission to rely (take on risk or liability). b) all software under GPL carries the same restriction, "No warranty... the entire risk as to the quality and performance of the program is with you [the user]." It seems consistent to say, from another perspective, that relying on the quality or performance of the program is specifically not permitted by the GPL. The RDL language is a restatement of warranty disclaimer for clarity and emphasis, it is not an incremental restriction. In either reading, the user is free to assume risk or liability absent the permission of CACert. CACert is not held liable for the use of the certificates distributed under the RDL. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review