Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=474549 --- Comment #55 from Iang <iang@xxxxxxxx> 2011-11-03 09:20:57 EDT --- Comment #53, continuing in reverse order: > (In reply to comment #46) > > Well actually CAcert does the same thing. If you want to rely on a StarCom or > > Verisign Cert you need to enter into their separate Relying Party Agreement. If > > you want to rely on a CAcert Certificate you have to enter into the CCA > > http://www.cacert.org/policy/CAcertCommunityAgreement.php > > > > So where is the difference? > Sorry, I wasn't precise enough. To rely under the CCA, one must register > affirmatively with CAcert (fails the dissident test) and agree to be bound by > arbitration, including potential liability up to 1000 euros; it's unclear > whether a party who does not obtain any certificates from CAcert can be certain > of avoiding this liability. This is not something to which Fedora should > expose its users. OK, this is where we start to differ on terms and semantics. Your term "relying" is what we call USE from CAcert's lexicon. This right is available (more or less, the details are a little convoluted, but it is works). Fedora users don't need to do much or anything to benefit, it's not an "exposure" in those terms. > OTOH, the VeriSign RPA can be entered anonymously and allows > one to rely at one's own risk, provided that one "validates" the certificates, > without accepting any obligations or liabilities aside from a standard > indemnity. Right, we differ in semantics of terms. They offer "rely at ones own risk" to a wider public, whereas CAcert's USE of certificates is available to a wider public. These are comparable at the legal/semantic level, and both are useful to Fedora's users. Both deliver the essence of what CAcert calls USE. > StartCom doesn't purport to restrict reliance, and just makes clear > that it is at one's own risk. Yes, they also define "reliance at your own risk," approximately. Substitute "CAcert" and "USE" into the above sentence and it will bear comparison. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review