* Gervase Markham (gerv@mozilla.org) wrote: > Eric Dorland wrote: > >* Gervase Markham (gerv@mozilla.org) wrote: > >>Debian already has rights that their users don't have, the most > >>prominent among them being to label a Linux distribution as "Debian" (or > >>"official Debian", or whatever it is you guys use). :-) > > > >When I said rights, I meant rights to the software in main. That's > >what Debian cares about. I should of been more clear. > > So it's OK for Debian to use trademarks to protect their free software > brand, but not OK for those whose software is included in Debian? My position has never been that trademarks are evil. I understand that you want to protect your trademarks, and I can understand the utility of having one. You are perfectly within your rights to demand we not call the build of Firefox we have in Debian "Firefox", just as Debian can ask someone to refrain from calling some Debian-derived distribution "Debian". Indeed, you have setup a trademark policy that does not allow us to call it Firefox. The whole question is whether Debian can accept a Debian-specific agreement to call Firefox "Firefox". > >>>They do have concerns about the trustability of CAcert certs. I'm > >>>mostly convinced they're no worse than other CA's. > >> > >>What we have a problem with (in the context of including the cert in > >>Firefox) is the fact that CAcert haven't been audited, so the risk of > >>including them is unquantifiable. Please see the CAcert list for recent > >>discussions on this topic. > > > >Can you please point me to the document where you went and verified > >that all your current CA's have been audited and met your CA policy? > > We haven't yet audited the current CAs; the decision was taken (given > how long it took to develop the policy) to prioritise new CAs. Current > CAs at least have the evidence of history to back up their trustworthiness. > > >Here's another situation you might want to consider. What if Debian > >decided one of your CA's was not trustworthy and removed it? Would > >that be grounds for losing the trademark? > > That's a very different issue; we have considered it, of course. The > answer would probably depend on how used the root was - i.e. how far > removing it degraded the user experience - combined with the reasons for > removal. But we haven't thought about this one as hard, because it > hasn't come up in practice. Well the only reason to remove a CA would really be that they could not be trusted to sign certificates anymore, and in that case, user experience be damned. -- Eric Dorland <eric.dorland@mail.mcgill.ca> ICQ: #61138586, Jabber: hooty@jabber.com 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ G e h! r- y+ ------END GEEK CODE BLOCK------
Attachment:
signature.asc
Description: Digital signature