Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=474549 --- Comment #43 from Iang <iang@xxxxxxxx> 2011-11-01 10:19:52 EDT --- One other point: Our policies are written to be fair, honest, and up-front (and done so in open forum with open voting). Someone would say, in your face! Which is why RedHat Legal found it, and we hope that the Judge will find it of credibility too. One question you may want to ask is why RedHat Legal has not found the situation for any other CAs? Has it examined the distribution licences from other CAs? Has it examined the RPAs from other CAs? Let me provide a summary of what you will find: All CAs typically do not give permission to rely, unless you enter into a Relying Party Agreement. (Google knows...) They just don't say the first part, but the clue is in the title: Relying Party Agreement -- without that, you have no permission to rely. We say it without the clue. Further, in a typical RPA, all CAs typically set all liabilities to you to zero. If you enter into an agreement with your local CA, chances are it will set liability to zero both explicitly and through a number of other tactics which would take a book to describe. Ergo, if you have no agreement with a CA, then you have even less. The exceptions to this in general are QC issuers in Europe -- which operate to government regulated limits on liability primarily for digital signing smart cards -- and CAcert. A second thing you need to look at is the licence you agree to when shipping the root of other CAs. They won't tell you about it necessarily, but *you do need a licence* or permission of some form. We tell you, it's the Root Distribution Licence. In summary, in order to say that CAcert's licence is bad (non-free is the term used above) we have to also say that all the other licences of all the other CAs are better (freer?). Has that been done? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review