Package: ca-cert Severity: normal Tags: upstream
The Red Hat legal team has reviewed the CACert licensing, which appears to have this copyright license which must be adhered to when including and using the certificates: http://www.cacert.org/policy/RootDistributionLicense.html They seem to think it is non-free, details are here: https://bugzilla.redhat.com/show_bug.cgi?id=474549#c34 TL;DR: I suppose looking at the green lock and thinking it's secure possibly means "relying" on the cert, and the license has a usage restriction on this unless you sign up for the CACert community agreement, which itself requires explicit sign-up (who actually knows and does that?), arbitration clause etc. But IANAL, read the Red Hat link above for all the details. PS: fwiw, this reportbug was run inside a docker container, I hope that won't mess anything up with this report -- System Information: Debian Release: 8.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.6.4-301.fc24.x86_64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: unable to detect