On Mon, 22 Jan 2007, Alex van den Bogaerdt wrote:
On Sun, Jan 21, 2007 at 07:47:25PM -0500, Stuart D. Gathman wrote:
If the SPF result is pass based on MAIL FROM when it should be, it isn't really
our problem if SID gets the wrong result. (Except that evil and clueless
people will blame the wrong result on "SPF", I know.)
It becomes our problem as soon as we stamp an OK on an implementation.
That's correct and its very important to remember that if we provide
certain special license for using the logo then in fact we become an
arbitrator if there is perceived to be a problem with the specification.
Now I do have some other comments on the logo that are not specifically
reply to the above message:
First of all I think its important to note that compliance should be
given to specific version of the program and that use of the logo
should either be for that specific version or for versions derived
from it but for derived only for certain period of time (say one year)
and not forever i.e. they have to renew license and do compliance
tests regularly when releasing new versions of the software because
even if one version passed that does not say anything about future
directions of the program (this is one of those problems known in the
industry as far as false advertising goes). Also as above comment
suggests I'd recommend having specifically v=spf1 and RFC and test
suite mentioned also just RFC4408 would generally be acceptable too.
The license text itself is actually going to be even more important
then the logo and should be reviewed quite a bit and go through
discussions here. If possible it should also go through legal review
if there is a lawyer willing to do it pro-bono for the project.
Also all programs that have applied and received license for using
the logo should be listed at some special page linked from the
implementations page together with the name of the person from
the company or open-source program who has signed under license
agreement (do not take it to mean written signature; electronic
confirmation with PGP or SMIME signature is in my view acceptable
for such cases). The logo itself when used at their website should
link to that page as well (obviously logo logo could also be used
in placing where linking is not possible so it would not be good
to make it requirement but just recommendation for use).
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=735