Simon Huggins wrote:
On Thu, Jun 16, 2005 at 01:03:52AM -0400, Eric Dorland wrote:* Simon Huggins (huggie@earth.li) wrote: Well actually to some degree they've already done this. Recently the CAcert (www.cacert.org) project's root CA made it into our ca-certificates package. However I can't have Firefox use that as a root CA by default and still use the trademark: http://article.gmane.org/gmane.comp.security.cacert/2752 This seems like a pretty unacceptable to me.Hmm. That almost sets a precedent for stopping any changes they don't like via the blunt tool of the trademark license.
I'd appreciate it if I was CCed on all parts of this discussion, as I'm not a member of debian-devel. Thanks to Simon for bringing me back in here.
I'm sure you are aware of the significant risks to users associated with adding a root certificate to a browser store.
However, having consulted carefully with my mozilla.org colleagues on this issue, it's not as black and white as I made out in the original post to the CACert list. Consequently, I would very much like to hear more about Debian's policy and procedures for vetting certificate authorities who wish to have their roots included in the Debian store.
With regard to the "blunt tool", the point of a trademark licence is to exercise some control over what gets labelled "Firefox". If Debian were able to make arbitrary changes we didn't like and still use the trademark, there would be no licence! :-) And adding a new root cert is in an entirely different category to e.g. patching Firefox to put its profile somewhere which fits in with the Debian FHS.
Gerv