Hey. While being in favour of re-inclusion of CAcert certificates, for the reasons I've mentioned in the respective bug,... and while I'm not a legal expert... I wonder:
Do we really want to open that box of Pandora? I mean do we really accept that there are "copyrights" on public keys? To my understanding I'd say that in many jurisdictions it's not possible to copyright them, but any licenses are like the well known email disclaimers - null and void. I mean what comes next? That e.g. the GnuPG keys in Debian's keyring packages may be copyrighted by their owners? Okay your you could still argue, that any Debian developer implicitly gives permission to re-distribute his key... but what about the public signatures on them? Or what if we want to explicitly block a certificate from a rogue CA, but that CA wouldn't allow us to distribute their cert or fingerprint? Cheers, Chris. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
