Eddy Nigg (StartCom Ltd.) wrote: > Since sometimes there are some licensing concerns with the certdata.txt > file, I wanted to know exactly what one is allowed to do. If for example > by merely extracting the CA certificates with a tool like > http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl still requires the > resulting CA bundle to be bound to the tri-license of Mozilla? Or can I > simply extract all CA certificates from the browser by exporting them?
I think the correct position is that the certdata.txt file is data used by Mozilla, rather than part of the browser itself. It's a grey area. The copyright in the certificates technically rests with the CAs, but it would be a very strange CA which forbade you from shipping their certificate in your product. I'm not sure what the legal position would be there. Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
