Re: trademarks [was Re: Minutes of the Board meeting 2006/Feb/15]

2006-02-28 Thread Owen Taylor 
On Mon, 2006-02-27 at 09:41 -0500, Dominic Lachowicz wrote:
 On 2/27/06, Bill Haneman [EMAIL PROTECTED] wrote:
 
  Perhaps - this has been discussed on the Board for years.  As I
  understand it, the guidance from legal consultations so far has not
  helped sketch out such a guideline, and I was under the impression that
  there is little, if any, legal precedent for such implicit licensing.
 
 If we want to avoid the implicitness bit, perhaps we could have some
 sort of secure webapp that clearly defines the TOCs of such a TM
 policy, delineating the rights and limitations one has when using the
 Foundation's marks. By filling in your relevant information and
 clicking accept, an explicit contract between the foundation and you
 - the licensee - has been formed. The licensee is bound by the
 contract, and may use the TMs in a way that is consistent with said
 contract. The Foundation still gets to enforce and protect its mark,
 while still being fairly liberal with who gets to use it.
 
 Under such a policy, no warm-bodies would be involved past the initial
 setup stages, unless people were found to be infringing the TM or
 violating the TOCs of the contract.

The user-group agreement is currently done as an electronic
click-through.

 http://foundation.gnome.org/licensing/usergroup/

I'm not sure that going over https would make it any more legally
binding...

Owen


___
foundation-list mailing list
foundation-list@gnome.org
http://mail.gnome.org/mailman/listinfo/foundation-list

Re: trademarks [was Re: Minutes of the Board meeting 2006/Feb/15]

2006-02-28 Thread Dominic Lachowicz 
On 2/28/06, Owen Taylor [EMAIL PROTECTED] wrote:
 I'm not sure that going over https would make it any more legally
 binding...

If I said https, then I'd agree with you, but I didn't. I said
secure, but perhaps that was the wrong word. The semantic I'm
looking for is there is some way to verify that the submitter is who
she says she is, in a legally binding sense. You know, more than just
an accept button and some text fields that anyone can fill in with any
values they like.

Best,
Dom
--
Counting bodies like sheep to the rhythm of the war drums.
___
foundation-list mailing list
foundation-list@gnome.org
http://mail.gnome.org/mailman/listinfo/foundation-list

Re: trademarks [was Re: Minutes of the Board meeting 2006/Feb/15]

2006-02-28 Thread Owen Taylor 
On Tue, 2006-02-28 at 09:41 -0500, Dominic Lachowicz wrote:
 On 2/28/06, Owen Taylor [EMAIL PROTECTED] wrote:
  I'm not sure that going over https would make it any more legally
  binding...
 
 If I said https, then I'd agree with you, but I didn't. I said
 secure, but perhaps that was the wrong word. The semantic I'm
 looking for is there is some way to verify that the submitter is who
 she says she is, in a legally binding sense. You know, more than just
 an accept button and some text fields that anyone can fill in with any
 values they like.

Signatures are pretty funny things ... for a very large number of 
real-world important things, I can fax a signed document; presumably
given an example of someone's signature it's not hard to create a
very convincing looking fax with that signature. 

So, most of the time, a signature is, as far as I can tell, really
an expression of intent on the part of the signer rather than a
security mechanism.

The sign by retyping your name in slashes thing on that web page,
as corny as it may seem, is actually the recommendation of our
lawyers. And while, as a computer person, I had trouble implementing
that form with a straight face, I'm not sure that, say, a PGP  signature
of the submitter would have any more security validity... not even to
discuss what courts would consider legally binding.

PGP signatures have a bad problem with repudiation ... at any point
I can claim that I accidentally revealed my private key two
years ago, and that the signature could have been forged. 

To really get something secure, you need something equivalent to
notarization or a signature guarantee where a trusted third party
confirms your identity and countersigns the document. (And to
fix the repudiation problem, that identity confirmation can't be
automated by way of a PGP key.)

If you think about from a different angle, what's the damage someone
could do by submitting a forged form? If the user groups claims that
they never signed the document, and thus aren't bound by the terms of
the agreement, then they don't have the accompanying rights to use the
trademark...

So, in other words, while I intentionally said https instead of
echoing your secure web app, my general feeling is that this isn't
something that is really a matter of technology.

Regards,
Owen


___
foundation-list mailing list
foundation-list@gnome.org
http://mail.gnome.org/mailman/listinfo/foundation-list