For Approval: TrueCrypt Collective License Version 2.0

Wed Jul 12 22:31:49 UTC 2006

> We need the definition of the term "component license" to be part of 
> the license under which TrueCrypt is distributed. We also need to 
> retain the component licenses. We believe that this is the most 
> suitable solution.

I think it is a very bad solution.

I'd reject it on the grounds that it:

1) Encourages proliferation, and in fact a completely new type of 
   proliferation, in which every combination of compatible simple
   licences is also a licence in its own right.

2) Those who don't understand copyrights will not understand this licence -
   people on the list generally do, and they didn't; people who do
   understand copyrights almost certainly wouldn't touch it with a barge
   pole, as they could reasonably infer that, if TrueCrypt needed to give
   a recipe for constructing the licence, they didn't actually know what
   the resultant licence terms were themselves, so may not be legally
   able to distribute.

Other causes for concern are:

- misuse of licence agreements to implement trademarks;

- there seem to be too few component licences, which makes me suspect that
  someone has taken the SSLEAY code and tried to assert copyright on some
  of the files by only changing the copyright notice (I'd expect to see
  an OpenSSL licence without the trademark conditions, if you were really
  having component licences for every different licence involved);

- advertising clauses are generally discredited.

I think the right way of doing this is to work out an actual copyright 
licence for the binary that is compatible with the binary distribution
requirements of all the licences, and then license just the binary under
that licence and keep the original licences on each individual source
file.  There is no need to require that anyone building the binary from
source impose such a licence as anyone doing so should know the set of
licences that they need to be compatible with, and can come up with their
own solution, although, if yours is good, they will probably copy it.

Typically, with such a licence, people include an informative clause
pointing out that individual source files may have more liberal
licences.

Slightly less satisfactory is to enumerate the individual licences along
with the copyrights, that you ought to enumerate anyway, and indicate
which files (including any included binary) they apply to.

Incidentally, I suspect you can get round the composite licence by 
taking the individual parts and re-assembling them into the composite,
as the individual licences don't have any provision to invalidate 
such combinations.

Actually I think that if the open source rules have been set up correctly,
the result of intersecting licenses in this way should be either no
licence at all or a licence that meets the open source rules.  It would
be interesting to have a counter example.

IANAL  TINLA