On Wed, 13 Nov 2013, Theo de Raadt wrote:
- There are allegedly licensing issues associated with redistributing the
root.
It's really neither here nor there considering all the other issues,
but when you mentioned this I was expecting their terms to be totally
off the wall.
http://www.cacert.org/policy/RootDistributionLicense.php
That's actually pretty sane to me. Basically the BSD license. It is
true, however, that we aren't in compliance. Whether or not a root
cert can be copyrighted, that at least would be an easy problem to
rectify. But it's really the least of our concerns, I think.
Well, I think it is bullshit.
They are copyrighting a number created by a piece of software, wrapped
inside a standardized container.
I've got a file containing the number 1. Don't you dare...
Thanks for the replies. I mostly included the mention about licensing to
summarize the reasons that Debian (who are very conservative about
licensing) is talking of removing it, and I think it's relevant that one
of the more widely-used cert bundles that still includes CAcert is looking
at dropping it. I personally don't think the copyright claim is
particularly enforceable, but IANAL, and more importantly, as Ted said,
it's pretty irrelevant considering the other issues.
Do you have thoughts on the security concerns about CAcert and whether it
makes sense for OpenBSD to trust by default?
--
Geoffrey Thomas
http://ldpreload.com
[email protected]
