Hi Gerv, Gervase Markham wrote: > > The copyright status of the data does not change as a result of you > obtaining it from us as opposed to obtaining it directly from the CA. > Or I could simply push the "Backup" button of the certificate viewer? Except that in this very specific case, the copyright of the different CA certificates are perhaps that of the CAs themselves. However distribution of the CA root is many times part of the CP/CPS of the various CAs and most of the time encouraged (The relying party should be able to verify the signer and CRLs etc)? > If you or your lawyer are concerned that the data may be "tainted" by > being "passed through" Mozilla CVS, then you should re-visit each CA and > download their root certificate from them directly. >
No, this isn't my concern. > What's the problem with being bound to the tri-licence anyway? "Choose > the MPL", and then the licensing conditions don't affect any of the rest > of your code. certdata.txt is a self-contained file. Right, the problem is, that some projects use different licenses then one of the three, making it under certain circumstances incompatible. However since the content or extraction of the certdata.txt file can be loaded at run-time as opposed at compile time, this problem could be solved that way easily. -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security