[License-discuss] TrueCrypt license (not OSI-approved; seeking history, context).

Rick Moen rick at linuxmafia.com
Wed Oct 16 00:30:33 UTC 2013

Quoting Tom Callaway (tcallawa at redhat.com):

> On 10/14/2013 09:32 PM, Karl Fogel wrote:
> > Obviously, I'd like to see TrueCrypt be truly open source.  The ideal
> > solution is not to have them remove the words "open source" from their
> > self-description, but rather for their software to be under an
> > OSI-approved open source license
> I have not looked at the TrueCrypt license (in depth) in quite some
> time, but when Fedora and Red Hat reviewed it in 2008, not only was it
> non-free, it was actually dangerous.
> (from 2008):
> http://lists.freedesktop.org/archives/distributions/2008-October/000273.html
> http://lists.freedesktop.org/archives/distributions/2008-October/000276.html

FWIW, these address the wording in revision 2.5.

> They appear to have reworded some concerning parts of that license,
> however, when we pointed out these concerns to them directly in 2008,
> their response was to forcefully (and rather rudely) reply that the
> problems caused by their license wording were not problems, but
> intentional. That alone gave us serious concern as to the intentions of
> the upstream, especially given the nature of the software under that
> license.

When I looked at the licence (v. 2.7 release) in August 2009, it
_looked_ to me as if they had ironed out all the problems you quite
rightly pointed out in 2008.  (There were similar critiques on
debian-legal and Ubuntu Launchpad.)

Or so I judged at the time in a footnote to a _Linux Gazette_ article,
FWIW (http://linuxgazette.net/165/maiorano.html#1).  I'd completely
forgotten about those paragraphs until just now, when I read the
startling intelligence in
that 'Tech blogger Rick Moen' had given TrueCrypt License Version 2.7 an
OSD clean bill of health.

(My parents did not raise any bloggers.  I've double-checked, just to be

I have not looked at TrueCrypt License since then.  (Revised to add:
Current licence revision 3.0 appears to fix the problems Red Hat Legal
noted in 2.5's clause IIId language, and I surmise that that's what I
saw in 2.7 as well.  Can't recall the details of 2.7, as it's been a

Karl Fogel wrote:

> One potential problem I see is that the trademark protection language is
> so over-the-top strong that it might be construed to prevent even
> nominative use of the name.

Srsly?  Which bit?  The III[abc] bits in the 3.0 revision are noxious
and (as you say) entirely over the top, but banning occurrences of
'TrueCrypt' that 'could reasonably be considered to identify Your
Product' does not equate to preventing nominative use.  You can still
say 'MyCrypt is way better than TrueCrypt[tm], on which it's based,
which sucks rocks through a thin, Rijndael-encrypted straw, and which is
produced by people with a dreadfully bad attitude.'

Cheers,                 Some people, when confronted with a problem, think,
Rick Moen               "I know, I'll use Dvorak!"  Now they have k,s rosnpdm;e
rick at linuxmafia.com                                   -- Colter Reed
McQ! (4x80)  

More information about the License-discuss mailing list