1 |
On Mon, Dec 14, 2009 at 07:15:36AM -0500, Richard Freeman wrote: |
2 |
> On 12/13/2009 02:49 PM, Robin H. Johnson wrote: |
3 |
> >On Sun, Dec 13, 2009 at 10:44:05PM +1100, Daniel Black wrote: |
4 |
> >>Recently this got produced as a draft license for parties distributing |
5 |
> >>CAcert's root certificate(s) (like us). |
6 |
> >>https://svn.cacert.org/CAcert/Policies/Agreements/3PVDisclaimerAndLicence.html |
7 |
> >That's a pretty dense license. I can see why you had a headache. |
8 |
> > |
9 |
> >I believe that in it's current form, we will have to make sure we have a |
10 |
> >liability disclaimer to users for the license, but that should be about |
11 |
> >it. |
12 |
> > |
13 |
> |
14 |
> First, I am not a lawyer. |
15 |
> |
16 |
> The 3PV license does require that the user be presented with: |
17 |
> http://www.cacert.org/policy/NRPDisclaimerAndLicence.php |
18 |
From 3PV: |
19 |
===== |
20 |
1.4 Vendor's Agreement with End-User |
21 |
Vendor agrees |
22 |
1. to distribute both the NRP-DaL and this present agreement to end-user, |
23 |
2. to advise the end-user of the NRP-DaL appropriately. |
24 |
... |
25 |
2. Disclaimer |
26 |
2.1 All Liability |
27 |
Vendor's relationship with end-users creates risks, liabilities and |
28 |
obligations due to the end-user's permitted USE of the certificates, |
29 |
and potentially through other activities such as inappropriate and |
30 |
non-permitted RELIANCE. |
31 |
===== |
32 |
|
33 |
1.4.1 just means we get to install both licenses, similar to the other |
34 |
@BINARY-REDISTRIBUTABLE discussion we had. |
35 |
|
36 |
1.4.2 is interesting, in that a lot of users don't read elog/einfo at all. Thus |
37 |
do they count as reasonable effort to the inform the user? |
38 |
|
39 |
2.1 is where I had more concern. NRP contains this wonderful line: |
40 |
"You may NOT RELY on any statements or claims made by the certificates |
41 |
or implied in any way." |
42 |
|
43 |
But... |
44 |
|
45 |
> An option would be to RESTRICT=mirror their root key, and install it |
46 |
> directly from their site, assuming they don't start messing with the |
47 |
> URL. Then we can just put the license in the ebuild like any other. |
48 |
> Since we don't redistribute anything copyrighted, Gentoo itself |
49 |
> doesn't enter into any license agreement. |
50 |
This is entirely moot. The CACert materials in Gentoo come from Debian's |
51 |
ca-certificates package. We do NOT independently supply them. |
52 |
http://packages.debian.org/sid/ca-certificates |
53 |
|
54 |
I think this might enable us to entirely sidestep a large part of the |
55 |
discussion. Watch what Debian does, and see what related actions if any we need |
56 |
to take. |
57 |
|
58 |
-- |
59 |
Robin Hugh Johnson |
60 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
61 |
E-Mail : robbat2@g.o |
62 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |