<p dir="ltr">Might be a good idea to finally start the list of non-open licenses someone suggested a few months ago ;) </p>
<p dir="ltr">Luis</p>
<div class="gmail_quote">On Oct 14, 2013 2:28 PM, "Tom Callaway" <<a href="mailto:tcallawa@redhat.com">tcallawa@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 10/14/2013 09:32 PM, Karl Fogel wrote:<br>
> Obviously, I'd like to see TrueCrypt be truly open source. The ideal<br>
> solution is not to have them remove the words "open source" from their<br>
> self-description, but rather for their software to be under an<br>
> OSI-approved open source license<br>
<br>
I have not looked at the TrueCrypt license (in depth) in quite some<br>
time, but when Fedora and Red Hat reviewed it in 2008, not only was it<br>
non-free, it was actually dangerous.<br>
<br>
(from 2008):<br>
<a href="http://lists.freedesktop.org/archives/distributions/2008-October/000273.html" target="_blank">http://lists.freedesktop.org/archives/distributions/2008-October/000273.html</a><br>
<a href="http://lists.freedesktop.org/archives/distributions/2008-October/000276.html" target="_blank">http://lists.freedesktop.org/archives/distributions/2008-October/000276.html</a><br>
<br>
They appear to have reworded some concerning parts of that license,<br>
however, when we pointed out these concerns to them directly in 2008,<br>
their response was to forcefully (and rather rudely) reply that the<br>
problems caused by their license wording were not problems, but<br>
intentional. That alone gave us serious concern as to the intentions of<br>
the upstream, especially given the nature of the software under that<br>
license.<br>
<br>
Notable is that Section VI.3 appears to be the same in the TrueCrypt<br>
license as it was in 2008. It is arguably necessary for any Free or Open<br>
Source license to waive some "intellectual property rights" in order to<br>
share those rights (which default to being exclusive to the copyright<br>
holder) with others. This section was noted to the TrueCrypt upstream<br>
(in 2008) as potentially conflicting with the rest of the license, and<br>
again, they pointed out that they were aware of the potential conflict<br>
and that it was _intentional_.<br>
<br>
In short, we were forced to conclude the license was worded the way that<br>
it was (with clever wording traps) as a sort of sham license.<br>
<br>
For what it is worth, I'm not sure the OSI should voluntarily spend any<br>
time or effort on the TrueCrypt license unless the TrueCrypt copyright<br>
holder brings it forward themselves with a willingness to address these<br>
issues in a serious and reasonable fashion.<br>
<br>
The fact that there are other FOSS implementations for TrueCrypt (most<br>
notably tc-play (<a href="https://github.com/bwalex/tc-play" target="_blank">https://github.com/bwalex/tc-play</a>) minimizes the need<br>
to resolve these issues with the upstream, which is why Fedora stopped<br>
attempting to do so quite some years ago.<br>
<br>
~tom<br>
<br>
==<br>
Fedora Project<br>
_______________________________________________<br>
License-discuss mailing list<br>
<a href="mailto:License-discuss@opensource.org">License-discuss@opensource.org</a><br>
<a href="http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss" target="_blank">http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss</a><br>
</blockquote></div>