[License-discuss] TrueCrypt license (not OSI-approved; seeking history, context).

Luis Villa luis at lu.is
Mon Oct 14 22:32:10 UTC 2013


Might be a good idea to finally start the list of non-open licenses someone
suggested a few months ago ;)

Luis
On Oct 14, 2013 2:28 PM, "Tom Callaway" <tcallawa at redhat.com> wrote:

> On 10/14/2013 09:32 PM, Karl Fogel wrote:
> > Obviously, I'd like to see TrueCrypt be truly open source.  The ideal
> > solution is not to have them remove the words "open source" from their
> > self-description, but rather for their software to be under an
> > OSI-approved open source license
>
> I have not looked at the TrueCrypt license (in depth) in quite some
> time, but when Fedora and Red Hat reviewed it in 2008, not only was it
> non-free, it was actually dangerous.
>
> (from 2008):
>
> http://lists.freedesktop.org/archives/distributions/2008-October/000273.html
>
> http://lists.freedesktop.org/archives/distributions/2008-October/000276.html
>
> They appear to have reworded some concerning parts of that license,
> however, when we pointed out these concerns to them directly in 2008,
> their response was to forcefully (and rather rudely) reply that the
> problems caused by their license wording were not problems, but
> intentional. That alone gave us serious concern as to the intentions of
> the upstream, especially given the nature of the software under that
> license.
>
> Notable is that Section VI.3 appears to be the same in the TrueCrypt
> license as it was in 2008. It is arguably necessary for any Free or Open
> Source license to waive some "intellectual property rights" in order to
> share those rights (which default to being exclusive to the copyright
> holder) with others. This section was noted to the TrueCrypt upstream
> (in 2008) as potentially conflicting with the rest of the license, and
> again, they pointed out that they were aware of the potential conflict
> and that it was _intentional_.
>
> In short, we were forced to conclude the license was worded the way that
> it was (with clever wording traps) as a sort of sham license.
>
> For what it is worth, I'm not sure the OSI should voluntarily spend any
> time or effort on the TrueCrypt license unless the TrueCrypt copyright
> holder brings it forward themselves with a willingness to address these
> issues in a serious and reasonable fashion.
>
> The fact that there are other FOSS implementations for TrueCrypt (most
> notably tc-play (https://github.com/bwalex/tc-play) minimizes the need
> to resolve these issues with the upstream, which is why Fedora stopped
> attempting to do so quite some years ago.
>
> ~tom
>
> ==
> Fedora Project
> _______________________________________________
> License-discuss mailing list
> License-discuss at opensource.org
> http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20131014/560d8670/attachment.html>


More information about the License-discuss mailing list