Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=474549

--- Comment #51 from Iang <iang@xxxxxxxx> 2011-11-02 05:43:41 EDT ---

Matt writes in comment #44:
> > Imagine we get sued for
> > some bank class action fraud…
>
> You have disclaimed liability. What is the problem?

Liabilities are not set in contract, but in court. The judge looks at the whole case, and determines the wrong & right of it all. This holistic view requires us also to look holistically, and do what we can to make things right.

In our view, a boilerplate disclaimer is not sufficient. The primary reason for this is that the user-public falsely believes - and vendors and CAs continue to perpetuate by absence of clarity - that users have a universal right to rely. As is evidenced above, this is far from reality.

So we have gone further to create a more clear arrangement, and we have added an explicit USE permission in the void for those who haven't agreed to the CCA (our RPA). In this we are explicitly speaking both to our users and to the judge in a future case. Clarity for both, which makes it a bit unusual.

> What would be an example of a suit against a member that you would want to prevent?

The big ones are if a financial institution is defrauded by many users, using a manipulated cert in some sense. E.g., a successful phishing operation pulls in maybe 100k.

If for example we had a small merchant with PeopleBank.com as a job sharing website, and his cert was stolen and used to defraud PeoplesBank.com, a big financial institution, then we'd have an issue...

As has been seen from the DigiNotar case (finally) a cert delivered by one CA can be used to defraud another CA's customers. So this means our CA could be used to breach Bank of America, or the Whitehouse, or whoever. The smallest CA could be used to breach the biggest customer...