CAcert Licensing and Inclusion in Debian main
Hello,
I have reopened #687693, as I believe that I was in error by ignoring
the CAcert Root Distribution License. I closed that bug in order to
maintain status quo, but have continued to feel that I was wrong in
doing so, based on several points in the Social Contract. I am seeking a
legal determination on whether the CAcert RDL follows the DFSG or is
non-free.
Additional questions about CAcert's inclusion in ca-certificates were
raised in #718434. As a result of those questions and history, Ubuntu
removed CAcert's root certificates from ca-certificates and nss in LP:
#1258286. Prompted by Ubuntu's removal, my understanding that that
redistribution did not follow DFSG, and the other issues presented, I
removed the CAcert root certificates from ca-certificates. #741561 is
seeking a possible re-introduction of CAcert's roots in Debian and would
require proper judgement on licensing, prior to proceeding.
I am familiar with the premise that SSL certificates may be seen as
un-copyrightable, however, CAcert has (I assume with legal advice)
intentionally burdened their root certificates with a license which
claims copyright, as well as, by several opinions, verbiage that makes
it non-free.
I strongly believe that ignoring the CAcert RDL, in order to maintain
status quo, is not the ethical thing to do for Debian, and I would enjoy
some legal guidance. Thanks for your time.
https://bugs.debian.org/687693
http://www.cacert.org/policy/RootDistributionLicense.php
https://bugs.debian.org/718434
https://bugs.debian.org/741561
--
Kind regards,
Michael Shuler
Reply to: