[Bug 474549] Review Request: ca-cacert.org - CAcert.org CA root certificates
bugzilla at redhat.com
bugzilla at redhat.com
Thu Feb 3 20:40:46 UTC 2011
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=474549
--- Comment #39 from Rod Montgomery <rod at thecomplex.com> 2011-02-03 15:40:44 EST ---
(In reply to comment #37)
> A priori, I don't need CAcert's permission to rely on (= take on risk or
> liability based on) their certificates. There is no law, and I have agreed to
> no contract, that would forbid me to do this. A simple statement that they
> withhold permission is meaningless; there is no permission to withhold. It
> seems more likely, especially in view of the policy discussion you linked, that
> the intended interpretation is to make non-reliance a condition of the
> copyright license. (If this is not the case, CAcert should issue an official
> clarification.)
Yes, in further reading at
https://lists.cacert.org/wws/arc/cacert-policy/2010-06/msg00062.html, I found
Ian Grigg's opinion that non-related persons should be banned from relying on
the certificates. His comment was made in the context of the NRP-DaL (since
removed in favor of the RDL), but the intention carries on in the language of
the RDL.
> Companies rely (= take on risk and liability based on) the correct
> operation of GPL software every day. They just can't sue the copyright holders
> if it breaks.
Companies choose to take those risks and liabilities of their own volition, not
as a result of any assurance, warranty, or claim in the GPL. IANAL, but it
seems that the first portion of the RDL Disclaimer would sever any CACert
liability from "relying inappropriately." CACert's concern over possible
litigation seems to be the driving concern behind the reliance language in the
second portion, but I do not see why the warranty disclaimer is insufficient
for CACert's concern.
I cannot speak for CACert or Fedora, but I am an interested user/participant of
both organizations. Thanks for the quick and thoughtful reply.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the package-review
mailing list