Thanks for your answer! Gervase Markham wrote: > Eddy Nigg (StartCom Ltd.) wrote: > >> Since sometimes there are some licensing concerns with the certdata.txt >> file, I wanted to know exactly what one is allowed to do. If for example >> by merely extracting the CA certificates with a tool like >> http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl still requires the >> resulting CA bundle to be bound to the tri-license of Mozilla? Or can I >> simply extract all CA certificates from the browser by exporting them? >> > > I think the correct position is that the certdata.txt file is data used > by Mozilla, rather than part of the browser itself. It's a grey area. > So is the assumption correct, that if I or anybody else extracts the CA certificates from certdata.txt and uses the result of it, isn't bound to any licensing constraints, similar as the content of a web page which the browser displays isn't part of the software itself? > The copyright in the certificates technically rests with the CAs, but it > would be a very strange CA which forbade you from shipping their > certificate in your product. I'm not sure what the legal position would > be there. At this stage I mostly care about the Mozilla licenses and need a clear answer, if a third party can make use of an extract of the certdata.txt. Personally I would believe this to be the case, but I want to have that confirmed in some way in order to let other products make use of it without being bound to the tri-license of Mozilla.
-- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security