Re: licence for Truecrypt
Karl Goetz writes:
> Hi all
> I was looking at truecrypt, and noticed that the licence is not
> considered 'free' by Klause Knopper[1], but i don't see a view from
> debian-legal. does anyone know if this licence [2] would be free
> enough to ship with debian?
> Or, for that matter, if its come up before on the list and i couldn't
> find it, please do link me there :)
>
> [1] http://lists.debian.org/debian-knoppix/2006/06/msg00019.html
> [2] http://www.truecrypt.org/license.php
> Karl
The license shows many signs of being written by someone with just
enough knowledge to be legally dangerous. One sign is the frequent
use of alternatives -- "features/functionalities",
"product/modifications", and so forth -- rather than defining a
minimal set of terms up front and using them later.
>From III.1.d.:
"Complete source code of your product or of the modified version must be
freely and publicly available. If the source code is not included with
every copy of your product/modifications, there must be a well-publicized
means of obtaining the source code, preferably, downloading via the
Internet without charge. The source code must not be deliberately
obfuscated, and it must not be in an intermediate form (e.g., the output of
a preprocessor). Source code means the preferred form in which a programmer
would usually modify the program."
This is a lawyerbomb. It is not clear that including a copy of the
full source code with every copy you distribute is sufficient, and it
is not clear whether "every copy of your product/modifications" is
meant to apply to copies made by third parties.
>From III.3.b.:
"Your product/modifications (as defined in Section III.1.) are
distributed and used only internally within the organization and only by
members/employees of the organization for which you created the
product/modifications and of which you were a member/employee when you
created the product/modifications. (Here the word "organization" means
a non-commercial or commercial organization, or a government agency.)"
Another lawyerbomb. Under traditional laws of agency and employment,
this is redundant of III.3.a, except that it mixes in the vague term
"member" with the term of art "employee".
>From V.:
"1. Where applicable, the component licenses contained in parts of the
source code and quoted below herein (Section "Component Legal
Notices") might take precedence over the TrueCrypt License.
2. This product is provided under the terms of this license
(agreement). Any use, reproduction, distribution, or modification
of this product or any of its parts constitutes recipient's
acceptance of this agreement."
I don't think V.2 will stick in the US for plain use of the software,
and it is overbroad insofar as V.1 acknowledges that certain parts are
governed by different licenses.
Overall, this seems like a fairly pointless and dangerous but not
clearly unfree license; GPLv2 or v2+ with SSL exception and a
trademark note on appropriate use of "TrueCrypt" and "TrueCrypt
Foundation" seem like a much clearer choice.
Michael Poole
Reply to: