Alexander Sack wrote:
I think, what some (or a certain amount of) project members complain about, is the absense of objective, written criteria. Those criteria should somehow define which criteria X has to satisfy in order to get judged competent.
Such criteria are very hard to define. To show why, let me ask you a question: given a number of free software packages which do the same thing, how do you decide which one to use? On the web, how do you decide which online businesses you will buy goods from?
Publishing a clear policy would be the single best chance to convince a good amount of them - my guess of course, nothing more. Nevertheless, maybe trying to work out a guideline might be sufficient too. I understand that this is no easy job, but maybe it helps.
But how would such a guideline be worded? We can't say "we'd match this ticklist of criteria", because we may find that someone meets them and we still don't trust them to do a good job. We can't say "we'd consider this list of factors", because we might want to look at other factors as well.
Judging from this, and from the assumption that we do not want to maintain and enforce a pool of trademarks on our own, I would say that it is our job to work out some criteria that a *good* free-software distributor should/can fulfill in order to do good to upstream (in terms that those distributors will honor and try their best not to harm upstreams trademark). Other projects could adapt those criteria as well and upstreams - like Mozilla - could publish those criteria as being suitable for determining the distributors competence ... what a perfect world ;).
The problem with this is that every upstream will have a different view of what a distributor should or shouldn't do in order to keep using the trademark. For example, The Mozilla Foundation wouldn't let anyone use the trademark if they exposed their users to significant risk by unquestioningly adding root certificates to the store from anyone who requested such addition. However, a vendor of another product which didn't have a root cert store wouldn't consider this issue; yet another product might be using a completely different security mechanism with its own potential risky actions a distributor could take. So you would end up with statements like "doesn't put users at risk", which are so vague as to be useless.
I think that instead, Debian has to come up with a policy, hopefully along the lines of the agreement I outlined originally, so you can say "we will use the trademarks of anyone who will do a deal with us like this - so it's easy to remove the marks, so they can't force us to remove them from frozen versions, so... etc.".
But again, perhaps that won't happen for a while :-) Gerv -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
