[Bug 474549] Review Request: ca-cacert.org - CAcert.org CA root certificates

bugzilla at redhat.com
Tue Nov 1 14:15:21 UTC 2011


https://bugzilla.redhat.com/show_bug.cgi?id=474549

Iang <iang at iang.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |iang at iang.org

--- Comment #42 from Iang <iang at iang.org> 2011-11-01 10:15:14 EDT ---
What Philipp wrote, ++

Just to stress the liability issue a little:  All open software seeks to
discount liability to zero in its licences, and much of sold software does the
same.  Look in any licence.

In CAcert, we do not do that -- as Members, we are all liable up to 1000 euros.
 Philipp, me, and any of around 20k other active members.  Which means a
relying party (by our definition, a Member) can get damages, serious damages.

This of course doesn't work for the whole world.  Our 20k active users can't
pay those liabilities to the 2 billion Internet users.  Imagine we get sued for
some bank class action fraud… Our Members won't survive, Audit won't permit it,
and our Directors would be hauled to jail for such a fraud as offering free
liability coverage to the whole Internet.

Hence we define reliance as being a permission available to members. 
Membership is free, but you are then liable.

As you see in the CAcert RDL, we use the statement "you may not RELY" in order
to make sure that you, as a non-member of CAcert, don't actually assume you can
sue us if something goes wrong.  This is the case with practically all CAs, 
and it is a mathematical and financial certainty, so be warned that Internet
mythology is unreliable on this point.

It's just that CAcert tells you up-front, in an easy to find way.

However, what you do have as a visitor to some cert at a user level is a
permission to USE.  This is really what is desired and is useful, because in
the practical world of Internet and communications, we don't typically sue each
other.  The wording for this is found in the CCA (for historical reasons, it's
not in the RDL).
