[License-discuss] TrueCrypt license (not OSI-approved; seeking history, context).

Karl Fogel kfogel at opensource.org
Mon Oct 14 23:06:19 UTC 2013


On Mon, Oct 14, 2013 at 5:32 PM, Luis Villa <luis at lu.is> wrote:
> Might be a good idea to finally start the list of non-open licenses someone
> suggested a few months ago ;)

Oh, that is *such* a good idea.

This is the "list of licenses that people often mistake for being open
source, or whose authors claim are open source, but are actually not
or at least have not been evaluated by the OSI", right?

-K

> On Oct 14, 2013 2:28 PM, "Tom Callaway" <tcallawa at redhat.com> wrote:
>>
>> On 10/14/2013 09:32 PM, Karl Fogel wrote:
>> > Obviously, I'd like to see TrueCrypt be truly open source.  The ideal
>> > solution is not to have them remove the words "open source" from their
>> > self-description, but rather for their software to be under an
>> > OSI-approved open source license
>>
>> I have not looked at the TrueCrypt license (in depth) in quite some
>> time, but when Fedora and Red Hat reviewed it in 2008, not only was it
>> non-free, it was actually dangerous.
>>
>> (from 2008):
>>
>> http://lists.freedesktop.org/archives/distributions/2008-October/000273.html
>>
>> http://lists.freedesktop.org/archives/distributions/2008-October/000276.html
>>
>> They appear to have reworded some concerning parts of that license,
>> however, when we pointed out these concerns to them directly in 2008,
>> their response was to forcefully (and rather rudely) reply that the
>> problems caused by their license wording were not problems, but
>> intentional. That alone gave us serious concern as to the intentions of
>> the upstream, especially given the nature of the software under that
>> license.
>>
>> Notable is that Section VI.3 appears to be the same in the TrueCrypt
>> license as it was in 2008. It is arguably necessary for any Free or Open
>> Source license to waive some "intellectual property rights" in order to
>> share those rights (which default to being exclusive to the copyright
>> holder) with others. This section was noted to the TrueCrypt upstream
>> (in 2008) as potentially conflicting with the rest of the license, and
>> again, they pointed out that they were aware of the potential conflict
>> and that it was _intentional_.
>>
>> In short, we were forced to conclude the license was worded the way that
>> it was (with clever wording traps) as a sort of sham license.
>>
>> For what it is worth, I'm not sure the OSI should voluntarily spend any
>> time or effort on the TrueCrypt license unless the TrueCrypt copyright
>> holder brings it forward themselves with a willingness to address these
>> issues in a serious and reasonable fashion.
>>
>> The fact that there are other FOSS implementations for TrueCrypt (most
>> notably tc-play (https://github.com/bwalex/tc-play)) minimizes the need
>> to resolve these issues with the upstream, which is why Fedora stopped
>> attempting to do so quite some years ago.
>>
>> ~tom
>>
>> ==
>> Fedora Project


