Re: Ongoing Firefox (and Thunderbird) Trademark problems
Alexander Sack wrote:
I think, what some (or a certain amount of) project members complain about, is
the absense of objective, written criteria. Those criteria should somehow define
which criteria X has to satisfy in order to get judged competent.
Such criteria are very hard to define. To show why, let me ask you a
question: given a number of free software packages which do the same
thing, how do you decide which one to use? On the web, how do you decide
which online businesses you will buy goods from?
Publishing a clear policy would be the single best chance to convince a good
amount of them - my guess of course, nothing more. Nevertheless, maybe trying to
work out a guideline might be sufficient too. I understand that this is no easy
job, but maybe it helps.
But how would such a guideline be worded? We can't say "we'd match this
ticklist of criteria", because we may find that someone meets them and
we still don't trust them to do a good job. We can't say "we'd consider
this list of factors", because we might want to look at other factors as
Judging from this, and from the assumption that we do not want to maintain and
enforce a pool of trademarks on our own, I would say that it is our job to work
out some criteria that a *good* free-software distributor should/can fulfill in
order to do good to upstream (in terms that those distributors will honor and
try their best not to harm upstreams trademark). Other projects could adapt
those criteria as well and upstreams - like Mozilla - could publish those
criteria as being suitable for determining the distributors competence ... what
a perfect world ;).
The problem with this is that every upstream will have a different view
of what a distributor should or shouldn't do in order to keep using the
trademark. For example, The Mozilla Foundation wouldn't let anyone use
the trademark if they exposed their users to significant risk by
unquestioningly adding root certificates to the store from anyone who
requested such addition. However, a vendor of another product which
didn't have a root cert store wouldn't consider this issue; yet another
product might be using a completely different security mechanism with
its own potential risky actions a distributor could take. So you would
end up with statements like "doesn't put users at risk", which are so
vague as to be useless.
I think that instead, Debian has to come up with a policy, hopefully
along the lines of the agreement I outlined originally, so you can say
"we will use the trademarks of anyone who will do a deal with us like
this - so it's easy to remove the marks, so they can't force us to
remove them from frozen versions, so... etc.".
But again, perhaps that won't happen for a while :-)