Re: CAcert Licensing and Inclusion in Debian main
While being in favour of re-inclusion of CAcert certificates, for the
reasons I've mentioned in the respective bug,... and while I'm not a
legal expert... I wonder:
Do we really want to open that box of Pandora?
I mean do we really accept that there are "copyrights" on public keys?
To my understanding I'd say that in many jurisdictions it's not possible
to copyright them, but any licenses are like the well known email
disclaimers - null and void.
I mean what comes next? That e.g. the GnuPG keys in Debian's keyring
packages may be copyrighted by their owners?
Okay your you could still argue, that any Debian developer implicitly
gives permission to re-distribute his key... but what about the public
signatures on them?
Or what if we want to explicitly block a certificate from a rogue CA,
but that CA wouldn't allow us to distribute their cert or fingerprint?