Re: trademarks [was Re: Minutes of the Board meeting 2006/Feb/15]

2006-02-28 Thread Owen Taylor 
On Tue, 2006-02-28 at 09:41 -0500, Dominic Lachowicz wrote:
> On 2/28/06, Owen Taylor <[EMAIL PROTECTED]> wrote:
> > I'm not sure that going over https would make it any more legally
> > binding...
> 
> If I said "https", then I'd agree with you, but I didn't. I said
> "secure", but perhaps that was the wrong word. The semantic I'm
> looking for is "there is some way to verify that the submitter is who
> she says she is, in a legally binding sense". You know, more than just
> an accept button and some text fields that anyone can fill in with any
> values they like.

Signatures are pretty funny things ... for a very large number of 
real-world important things, I can fax a signed document; presumably
given an example of someone's signature it's not hard to create a
very convincing looking fax with that signature. 

So, most of the time, a signature is, as far as I can tell, really
an expression of intent on the part of the signer rather than a
security mechanism.

The "sign by retyping your name in slashes" thing on that web page,
as corny as it may seem, is actually the recommendation of our
lawyers. And while, as a computer person, I had trouble implementing
that form with a straight face, I'm not sure that, say, a PGP  signature
of the submitter would have any more security validity... not even to
discuss what courts would consider legally binding.

PGP signatures have a bad problem with repudiation ... at any point
I can claim that I accidentally revealed my private key two
years ago, and that the signature could have been forged. 

To really get something secure, you need something equivalent to
notarization or a signature guarantee where a trusted third party
confirms your identity and countersigns the document. (And to
fix the repudiation problem, that identity confirmation can't be
automated by way of a PGP key.)

If you think about from a different angle, what's the damage someone
could do by submitting a forged form? If the user groups claims that
they never signed the document, and thus aren't bound by the terms of
the agreement, then they don't have the accompanying rights to use the
trademark...

So, in other words, while I intentionally said "https" instead of
echoing your "secure web app, my general feeling is that this isn't
something that is really a matter of technology.

Regards,
Owen


___
foundation-list mailing list
foundation-list@gnome.org
http://mail.gnome.org/mailman/listinfo/foundation-list

Re: trademarks [was Re: Minutes of the Board meeting 2006/Feb/15]

2006-02-28 Thread Dominic Lachowicz 
On 2/28/06, Owen Taylor <[EMAIL PROTECTED]> wrote:
> I'm not sure that going over https would make it any more legally
> binding...

If I said "https", then I'd agree with you, but I didn't. I said
"secure", but perhaps that was the wrong word. The semantic I'm
looking for is "there is some way to verify that the submitter is who
she says she is, in a legally binding sense". You know, more than just
an accept button and some text fields that anyone can fill in with any
values they like.

Best,
Dom
--
Counting bodies like sheep to the rhythm of the war drums.
___
foundation-list mailing list
foundation-list@gnome.org
http://mail.gnome.org/mailman/listinfo/foundation-list

Re: trademarks [was Re: Minutes of the Board meeting 2006/Feb/15]

2006-02-28 Thread Owen Taylor 
On Mon, 2006-02-27 at 09:41 -0500, Dominic Lachowicz wrote:
> On 2/27/06, Bill Haneman <[EMAIL PROTECTED]> wrote:
> >
> > Perhaps - this has been discussed on the Board for years.  As I
> > understand it, the guidance from legal consultations so far has not
> > helped sketch out such a guideline, and I was under the impression that
> > there is little, if any, legal precedent for such implicit licensing.
> 
> If we want to avoid the "implicitness" bit, perhaps we could have some
> sort of secure webapp that clearly defines the TOCs of such a TM
> policy, delineating the rights and limitations one has when using the
> Foundation's marks. By filling in your relevant information and
> clicking "accept", an explicit contract between the foundation and you
> - the licensee - has been formed. The licensee is bound by the
> contract, and may use the TMs in a way that is consistent with said
> contract. The Foundation still gets to enforce and protect its mark,
> while still being fairly liberal with who gets to use it.
> 
> Under such a policy, no warm-bodies would be involved past the initial
> setup stages, unless people were found to be infringing the TM or
> violating the TOCs of the contract.

The user-group agreement is currently done as an electronic
click-through.

 http://foundation.gnome.org/licensing/usergroup/

I'm not sure that going over https would make it any more legally
binding...

Owen


___
foundation-list mailing list
foundation-list@gnome.org
http://mail.gnome.org/mailman/listinfo/foundation-list