Even if MF relies on a 3rd party whats to absolve them of all responsibility, after all they still included the certificate regardless of any 3rd party saying it was ok, ....
Ignoring the semantics of any particular legal threat, it may be worth considering creating a single corporation, wholly owned by the Foundation, that is given total responsibility for all CA issues including creating the default list. This is a well known ring-fencing or firewalling technique, and is generally quite acceptable if clearly documented (and the parent Foundation never makes any independent judgement or decision). It would mean that any suit against the single corporation that made all the decision would not threaten the rest of the project.
iang _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
