在 2016年12月9日星期五 UTC+8上午5:42:29,Jakob Bohm写道: > On 08/12/2016 21:48, Gervase Markham wrote: > > Require CAs to publish their CPs and CPSes under one of the following > > Creative Commons licenses: CC-BY, CC-BY-SA or CC-BY-ND. > > > > This is so that there is no legal impediment to their proper storage, > > scrutiny etc. by relying parties. > > > > Proposal: add an additional paragraph to point 17 of the Inclusion > > policy, as follows: > > > > CPs and CPSes must be made available to Mozilla under one of the > > following Creative Commons licenses: Attribution (CC-BY), > > Attribution-ShareAlike (CC-BY-SA) or Attribution-NoDerivs (CC-BY-ND). If > > none of these licenses is indicated, the fact of application is > > considered as permission from the CA to allow Mozilla and the public to > > deal with these documents, and any later versions for root certificates > > which are included in Mozilla's trust store, under CC-BY-ND. > > > > (We would add links to the relevant license terms where each is mentioned.) > > > > This could easily conflict with other legal obligations, such as > requirements to license said documents under a specific other license. > > It would be more realistic to add wording which simply requires the > specific things that Mozilla, Relying parties, Subscribers and other > interested parties (such as the participants in this group) should be > allowed to do with those documents, for example: > > - Publicly and privately read the documents. > - Publicly and privately Comment on and discuss the documents and > their meaning, including quoting from the documents in such > discussions. > - Storing, disseminating etc. discussion messages, regardless if they > contain such quotations or not. > - Store complete unaltered copies for later reference, even after a > document is no longer applicable, and make such unaltered copies > available as documentation as to what those documents contained at > relevant times in the past. > - Create non-binding "printouts" in formats such as paper, onscreen > display, copies in formats suitable for such use (including plain > text etc.). > - Apply technical precautions to ensure the permitted copies do not > change content or meaning. (For example, if the original document is > provided as a HTML5 file, embedded script, CSS etc. might cause it to > change depending on when, where and by whom it is being read, many > other file formats have similar risks). > - Act and make decisions in reliance on those documents to the extend > Mozilla had not received prior notification of changes to document > content or validity. > > It is in particular noted that these things are a lot less than what > any of the regular CC licenses permit. For example, Mozilla has no > reason to require that other CA operators be permitted to reuse the > documents as their own, even though such other CA operators are > encouraged to participate in the permitted activities, such as publicly > talking about the practices of their competitor. > > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded
I agree with you. So anyone can explain why we require the specific license on CP/CPS? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy