> >>> - There are allegedly licensing issues associated with redistributing the
> >>> root.
> >>
> >> It's really neither here nor there considering all the other issues,
> >> but when you mentioned this I was expecting their terms to be totally
> >> off the wall.
> >>
> >> http://www.cacert.org/policy/RootDistributionLicense.php
> >>
> >> That's actually pretty sane to me. Basically the BSD license. It is
> >> true, however, that we aren't in compliance. Whether or not a root
> >> cert can be copyrighted, that at least would be an easy problem to
> >> rectify. But it's really the least of our concerns, I think.
> >
> > Well, I think it is bullshit.
> >
> > They are copyrighting a number created by a piece of software, wrapped
> > inside a standardized container.
> >
> > I've got a file containing the number 1. Don't you dare...
>
> Thanks for the replies. I mostly included the mention about licensing to
> summarize the reasons that Debian (who are very conservative about
> licensing) is talking of removing it, and I think it's relevant that one
> of the more widely-used cert bundles that still includes CAcert is looking
> at dropping it. I personally don't think the copyright claim is
> particularly enforceable, but IANAL, and more importantly, as Ted said,
> it's pretty irrelevant considering the other issues.
>
> Do you have thoughts on the security concerns about CAcert and whether it
> makes sense for OpenBSD to trust by default?

The last line of your previous mail suggested that our use of CAcert could be "interpreted as a statement of trust". Yeah, just like having any of these certs at all will be "interpreted as a statement of trust in SSL or TLS"...

It's all "trust garbage", top to bottom.

Personally, I am not going to get dragged further into it than the above few comments... there are others in the group who make these decisions.
