Re: TrueCrypt License 2.3

To: debian-legal@lists.debian.org
Subject: Re: TrueCrypt License 2.3
From: Måns Rullgård <mans@mansr.com>
Date: Sun, 13 Jan 2008 13:12:44 +0000
Message-id: <[🔎] yw1xr6gloomr.fsf@mansr.com>
References: <[🔎] fmb15f$saf$1@news.albasani.net> <[🔎] 20080112202757.f9f81474.frx@firenze.linux.it> <[🔎] pan.2008.01.13.12.38.30@thenicols.net>

Iain Nicol <iain@thenicols.net> writes:

>> VI. General Terms
>> 
>> 1. You may not use, modify, reproduce, derive from, (re)distribute, or
>> sublicense This Product, or portion(s) thereof, except as expressly
>> provided under this License. Any attempt (even if permitted by
>> applicable law) otherwise to use, modify, reproduce, derive from,
>> (re)distribute, or sublicense This Product, or portion(s) thereof,
>> automatically and immediately terminates Your rights under this License.
>
> This paragraph explicitly denies rights available under fair use or fair 
> dealing. Hopefully a non-op (?), but not good.

If it were a contract, such a clause could be valid.  Whether licenses
like this are to be considered contracts is matter for debate.

Either way, the license has a clause about unenforcable terms:

  4. If any term of this License is found to be invalid or
  unenforceable under applicable law, You agree that it shall not
  affect the validity or enforceability of any other terms of this
  License that are found to be valid and enforceable under applicable
  law.

> All the above was about the "TrueCrypt License version 2.3". The other 
> license I have trouble with is a short one.
>> ____________________________________________________________
>> 
>> This is an independent implementation of the encryption algorithm:
>> 
>>         Twofish by Bruce Schneier and colleagues
>> 
>> which is a candidate algorithm in the Advanced Encryption Standard
>> programme of the US National Institute of Standards and Technology.
>> 
>> Copyright in this implementation is held by Dr B R Gladman but I hereby
>> give permission for its free direct or derivative use subject to

If the copyright is held be Dr Gladman, how can "I" (Schneier?) grant
any permission pertaining to it?

>> acknowledgment of its origin and compliance with any conditions that the
>> originators of the algorithm place on its exploitation.
>
> I know the reference implementation for Twofish is in the public domain, 
> and it's not been patented. But what happens, hypothetically, if Bruce 
> Schneier were to publicly assert that people should not use the 
> algorithm, say for moral reasons. Or what if he said "people should not 
> use this algorithm [as it is no longer considered secure enough". Could 
> those situations not revoke my license to use this software?

Note that the text says "algorithm", not "implementation".  If it is
not patented, there is nothing the "originators of the algorithm" can
do to stop it being used.

IANAL

-- 
Måns Rullgård
mans@mansr.com

Reply to:

Follow-Ups:
- Re: TrueCrypt License 2.3
  - From: Ken Arromdee <arromdee@rahul.net>

References:
- TrueCrypt License 2.3
  - From: Patrick Matthäi <patrick.matthaei@web.de>
- Re: TrueCrypt License 2.3
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: TrueCrypt License 2.3
  - From: Iain Nicol <iain@thenicols.net>

Prev by Date: Re: TrueCrypt License 2.3
Next by Date: Micropolis GPL License Notice
Previous by thread: Re: TrueCrypt License 2.3
Next by thread: Re: TrueCrypt License 2.3
Index(es):
- Date
- Thread