[License-discuss] TrueCrypt license (not OSI-approved; seeking history, context).

Luis Villa luis at lu.is
Mon Oct 14 23:07:58 UTC 2013

And to be clear, I say that without having thoroughly read the license. At
a glance, the "no charge" issue mentioned in Spot's links seems to remain,
but at least one other is remedied, possibly two.

On Oct 14, 2013 3:32 PM, "Luis Villa" <luis at lu.is> wrote:

> Might be a good idea to finally start the list of non-open licenses
> someone suggested a few months ago ;)
> Luis
> On Oct 14, 2013 2:28 PM, "Tom Callaway" <tcallawa at redhat.com> wrote:
>> On 10/14/2013 09:32 PM, Karl Fogel wrote:
>> > Obviously, I'd like to see TrueCrypt be truly open source.  The ideal
>> > solution is not to have them remove the words "open source" from their
>> > self-description, but rather for their software to be under an
>> > OSI-approved open source license
>> I have not looked at the TrueCrypt license (in depth) in quite some
>> time, but when Fedora and Red Hat reviewed it in 2008, not only was it
>> non-free, it was actually dangerous.
>> (from 2008):
>> http://lists.freedesktop.org/archives/distributions/2008-October/000273.html
>> http://lists.freedesktop.org/archives/distributions/2008-October/000276.html
>> They appear to have reworded some concerning parts of that license,
>> however, when we pointed out these concerns to them directly in 2008,
>> their response was to forcefully (and rather rudely) reply that the
>> problems caused by their license wording were not problems, but
>> intentional. That alone gave us serious concern as to the intentions of
>> the upstream, especially given the nature of the software under that
>> license.
>> Notable is that Section VI.3 appears to be the same in the TrueCrypt
>> license as it was in 2008. It is arguably necessary for any Free or Open
>> Source license to waive some "intellectual property rights" in order to
>> share those rights (which default to being exclusive to the copyright
>> holder) with others. This section was noted to the TrueCrypt upstream
>> (in 2008) as potentially conflicting with the rest of the license, and
>> again, they pointed out that they were aware of the potential conflict
>> and that it was _intentional_.
>> In short, we were forced to conclude the license was worded the way that
>> it was (with clever wording traps) as a sort of sham license.
>> For what it is worth, I'm not sure the OSI should voluntarily spend any
>> time or effort on the TrueCrypt license unless the TrueCrypt copyright
>> holder brings it forward themselves with a willingness to address these
>> issues in a serious and reasonable fashion.
>> The fact that there are other FOSS implementations for TrueCrypt (most
>> notably tc-play (https://github.com/bwalex/tc-play) minimizes the need
>> to resolve these issues with the upstream, which is why Fedora stopped
>> attempting to do so quite some years ago.
>> ~tom
>> ==
>> Fedora Project
>> _______________________________________________
>> License-discuss mailing list
>> License-discuss at opensource.org
>> http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20131014/e3567267/attachment.html>

More information about the License-discuss mailing list