On 09/12/2016 00:48, David E. Ross wrote:
On 12/8/2016 1:41 PM, Jakob Bohm wrote [in part]:
It is in particular noted that these things are a lot less than what
any of the regular CC licenses permit. For example, Mozilla has no
reason to require that other CA operators be permitted to reuse the
documents as their own, even though such other CA operators are
encouraged to participate in the permitted activities, such as publicly
talking about the practices of their competitor.
The Attribution-NoDerivs (CC-BY-ND) license cited by Markham does what
you request: limit the use of the subject documents to distribution
without alteration. Thus, a certification authority's CP covered by
CC-BY-ND could not be reused by another certification authority because
such reuse would involve changing the name of the certification
authority within the CP.
Use by another CA does not *necessarily* require rewording of the
documents, someone brash enough to do that might have not qualms about
leaving the original CAs name in the legal document and just explaining
it away outside the document.
Also such reuse by a competing CA was just one of two *examples* I gave
of why a CA might not want to use a specific license of Mozilla's
choosing.
The other /example/ I gave was that they might be under legal
obligation (e.g. to governments, digital signature laws etc.) do use a
different license that happens to be sufficiently permissive (it could
even be more permissive than CC-BY-ND, just with different legal
details).
For example, a CP or CPS document might incorporate text from (or even
being) an official digital signature standard or digital signature law,
subject to whichever license applies to other standards/laws issued by
the same body. Thus the copyright in the CP/CPS might partially belong
to e.g. ETSI or the government of country XX.
Hence why I suggested providing a list of actual requirements, similar
to how other open projects deal with requirements for 3rd party
licenses. For example, standards organizations typically requires Free
(as in beer) licensing or standardized technology (some even accept
RAND licensing).
I also don't think Mozilla requires all libraries linked into official
Firefox downloads to be under a Mozilla license (GPL/MPL/etc.), as long
as they don't interfere with the Mozilla licensing.
As a third example, the text of the GPL license applied to Mozilla
source code is itself not under the GPL or any CC license, but under
specific terms found in the preamble of the GPL text.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
