Re: Bug#687693: ca-certificates: Cacert License is missing
On Sat, Nov 03, 2012 at 03:28:08PM -0500, Michael Shuler wrote:
> Control: severity -1 serious
> Control: tags -1 pending
> (Setting to serious, due to policy violation)
> After reading the -legal thread, comments above, the CAcert mailing list
> thread, the Fedora explanation, and carefully reading the licensing
> myself, the cautious side of me says the right thing to do is remove the
> CAcert certificates from the package. This change will be committed to
> the collab-maint git repo shortly.
> I appreciate the bug report, mejiko, and for others taking the time to
> consider this issue. I will consider a ca-certificates-cacert ITP for
> inclusion in non-free.
Which debian-legal thread were you reading? Because the two comments I see
cc:ed to this bug report from debian-legal, from Francesco Poli and Florian
Weimer, both point out that *certificates are not copyrightable*. An SSL
certificate is a unique representation of a mathematical fact; since it
contains no creative element, copyright law does not provide for any
monopoly rights prohibiting distribution.
The CAcert license is therefore something we should entirely ignore, because
it has no legal force. Your proposal to remove it from the package without
specific legal guidance to the contrary is a gross overreaction.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/