| 1 |
On Mon, Dec 14, 2009 at 07:15:36AM -0500, Richard Freeman wrote: |
| 2 |
> On 12/13/2009 02:49 PM, Robin H. Johnson wrote: |
| 3 |
> >On Sun, Dec 13, 2009 at 10:44:05PM +1100, Daniel Black wrote: |
| 4 |
> >>Recently this got produced as a draft license for parties distributing |
| 5 |
> >>CAcert's root certificate(s) (like us). |
| 6 |
> >>https://svn.cacert.org/CAcert/Policies/Agreements/3PVDisclaimerAndLicence.html |
| 7 |
> >That's a pretty dense license. I can see why you had a headache. |
| 8 |
> > |
| 9 |
> >I believe that in it's current form, we will have to make sure we have a |
| 10 |
> >liability disclaimer to users for the license, but that should be about |
| 11 |
> >it. |
| 12 |
> > |
| 13 |
> |
| 14 |
> First, I am not a lawyer. |
| 15 |
> |
| 16 |
> The 3PV license does require that the user be presented with: |
| 17 |
> http://www.cacert.org/policy/NRPDisclaimerAndLicence.php |
| 18 |
From 3PV: |
| 19 |
===== |
| 20 |
1.4 Vendor's Agreement with End-User |
| 21 |
Vendor agrees |
| 22 |
1. to distribute both the NRP-DaL and this present agreement to end-user, |
| 23 |
2. to advise the end-user of the NRP-DaL appropriately. |
| 24 |
... |
| 25 |
2. Disclaimer |
| 26 |
2.1 All Liability |
| 27 |
Vendor's relationship with end-users creates risks, liabilities and |
| 28 |
obligations due to the end-user's permitted USE of the certificates, |
| 29 |
and potentially through other activities such as inappropriate and |
| 30 |
non-permitted RELIANCE. |
| 31 |
===== |
| 32 |
|
| 33 |
1.4.1 just means we get to install both licenses, similar to the other |
| 34 |
@BINARY-REDISTRIBUTABLE discussion we had. |
| 35 |
|
| 36 |
1.4.2 is interesting, in that a lot of users don't read elog/einfo at all. Thus |
| 37 |
do they count as reasonable effort to the inform the user? |
| 38 |
|
| 39 |
2.1 is where I had more concern. NRP contains this wonderful line: |
| 40 |
"You may NOT RELY on any statements or claims made by the certificates |
| 41 |
or implied in any way." |
| 42 |
|
| 43 |
But... |
| 44 |
|
| 45 |
> An option would be to RESTRICT=mirror their root key, and install it |
| 46 |
> directly from their site, assuming they don't start messing with the |
| 47 |
> URL. Then we can just put the license in the ebuild like any other. |
| 48 |
> Since we don't redistribute anything copyrighted, Gentoo itself |
| 49 |
> doesn't enter into any license agreement. |
| 50 |
This is entirely moot. The CACert materials in Gentoo come from Debian's |
| 51 |
ca-certificates package. We do NOT independently supply them. |
| 52 |
http://packages.debian.org/sid/ca-certificates |
| 53 |
|
| 54 |
I think this might enable us to entirely sidestep a large part of the |
| 55 |
discussion. Watch what Debian does, and see what related actions if any we need |
| 56 |
to take. |
| 57 |
|
| 58 |
-- |
| 59 |
Robin Hugh Johnson |
| 60 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
| 61 |
E-Mail : robbat2@g.o |
| 62 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives