CAcert Licensing and Inclusion in Debian main


I have reopened #687693, as I believe that I was in error by ignoring the CAcert Root Distribution License. I closed that bug in order to maintain status quo, but have continued to feel that I was wrong in doing so, based on several points in the Social Contract. I am seeking a legal determination on whether the CAcert RDL follows the DFSG or is non-free.

Additional questions about CAcert's inclusion in ca-certificates were raised in #718434. As a result of those questions and history, Ubuntu removed CAcert's root certificates from ca-certificates and nss in LP: #1258286. Prompted by Ubuntu's removal, my understanding that that redistribution did not follow DFSG, and the other issues presented, I removed the CAcert root certificates from ca-certificates. #741561 is seeking a possible re-introduction of CAcert's roots in Debian and would require proper judgement on licensing, prior to proceeding.

I am familiar with the premise that SSL certificates may be seen as un-copyrightable; however, CAcert has (I assume with legal advice) intentionally burdened their root certificates with a license which claims copyright, as well as, by several opinions, verbiage that makes it non-free.

I strongly believe that ignoring the CAcert RDL, in order to maintain status quo, is not the ethical thing to do for Debian, and I would enjoy some legal guidance. Thanks for your time.


Michael Shuler

