Re: licence for Truecrypt

To: debian-legal@lists.debian.org
Subject: Re: licence for Truecrypt
From: dtufs <dtufs@yahoo.com>
Date: Wed, 28 Jun 2006 03:36:01 -0700 (PDT)
Message-id: <[🔎] 20060628103601.65628.qmail@web50506.mail.yahoo.com>
Michael Poole writes:

> One sign is the frequent use of alternatives --
> "features/functionalities", "product/modifications",
> and so forth -- rather than defining a minimal set
> of terms up front and using them later.

In reality, use of alternatives, either in brackets or
slash-separated can only clarify the meaning and make
it more precise (not vice versa). Likewise, giving
examples in brackets in a license text can only
clarify the meaning or extent (not vice versa). 

This does not affect the 'free software status' of the
license.


> >From III.1.d.:
>    "Complete source code of your product or of the
modified version must be
>     freely and publicly available. If the source
code is not included with
>     every copy of your product/modifications, there
must be a well-publicized
>     means of obtaining the source code, preferably,
downloading via the
>     Internet without charge. The source code must
not be deliberately
>     obfuscated, and it must not be in an
intermediate form (e.g., the output of
>     a preprocessor). Source code means the preferred
form in which a programmer
>     would usually modify the program."
> 
> This is a lawyerbomb.  It is not clear that
> including a copy of the full source code with every
> copy you distribute is sufficient, and it is not
> clear whether "every copy of your 
> product/modifications" is meant to apply to copies
> made by third parties.

This might be true. However, it does not affect the
'free software status' of the license (it is clearly
required that "source code of your product or of the
modified version must be freely and publicly
available").

The term "Your product" is clearly defined in Section
III.1 (it includes the meaning of "derivative work").


>>From III.3.b.:
>   "Your product/modifications (as defined in Section
III.1.) are
>    distributed and used only internally within the
organization and only by
>    members/employees of the organization for which
you created the
>    product/modifications and of which you were a
member/employee when you
>    created the product/modifications. (Here the word
"organization" means
>    a non-commercial or commercial organization, or a
government agency.)"
>
>Another lawyerbomb.  Under traditional laws of agency
>and employment, this is redundant of III.3.a, except
>that it mixes in the vague term "member" with the
>term of art "employee".

First, what does "traditional laws of agency and
employment" mean? Depending on the jurisdiction (on
the country whose laws apply to the licensee),
distribution to other individuals within a corporate
entity might be qualified as public distribution. 

Second, "member" is not a vague term. Foundations, for
instance, may have employees and members. Again, this
also largely depends on the country whose laws apply
to the licensee (laws in most countries actually
recognize the difference between "member" and
"employee").

Third, the section is not redundant of III.3.a. The
section III.3.a says:

    "a. Your product/modifications (as defined in
Section III.1.) are not
    distributed (i.e., your product/modifications are
available only to you)."

As I already wrote, since distribution within a
corporate entity might be qualified as public
distribution, the two sections apply to different
situations. Furthermore, section III.3.a specifies the
extent as: "your product/modifications are available
only to you". Thus, it may not apply to corporate
entities (hence, the need for section III.3.b).

As a side note, these sections give more "freedom" to
the licensee (i.e., exempt him or her from
obligations). Therefore, they do not negatively impact
the 'free software status' of the license (on the
contrary).


>>From V.:
>"1. Where applicable, the component licenses
contained in parts of the
>    source code and quoted below herein (Section
"Component Legal
>    Notices") might take precedence over the
TrueCrypt License.
>
> 2. This product is provided under the terms of this
license
>    (agreement). Any use, reproduction, distribution,
or modification
>    of this product or any of its parts constitutes
recipient's
>    acceptance of this agreement."
>
> I don't think V.2 will stick in the US for plain use
of the software,

Section V.2 is actually equal to Section 5 of the GPL,
which says:

"Therefore, by modifying or distributing the Program 
(or any work based on the Program), you indicate your
acceptance of this License"



> and it is overbroad insofar as V.1 acknowledges that
> certain parts are governed by different licenses.

Actually, the term 'This product' is defined in the
first section of the license as: 

    '1. "This product" means the parts of the computer
software,
    including, but not limited to, source code, texts,
graphics, and
    any accompanying files, released under and covered
by this version of
    this License.'

Note the words "parts of the computer software". These
parts are labeled in the source code, which declares
which part is governed by which license. The product
is multi-licensed and the license clarifies the term
"this product":

    'none of the following licenses applies to this
product as a whole, even
     when it uses the term "this product" or any other
equivalent term.'


> Overall, this seems like a fairly pointless and
> dangerous but not clearly unfree license;

The statement that the "license is not clearly unfree"
is vague and potentially misleading. It actually has
had negative consequences: The false statement of the
editor of the Debian news mailing list who wrote at:
http://www.debian.org/News/weekly/2006/26/ the
following: "Michael Poole answered that the license
isn't free at all". You might want to correct him. 

Your analysis did not present any points that would
indicate that the license is "unfree". My own overall
analysis of the license concludes that it is actually
as "free" as GPL (actually even more free than the
GPL).


> GPLv2 or v2+ with SSL exception and a trademark note
> on appropriate use of "TrueCrypt" and "TrueCrypt 
> Foundation" seem like a much clearer choice.

If you examined the TrueCrypt license, you could not
possible advise them to release their software under
the GPL. The fact that the product is multi-licensed
prevents it from being released under the GNU Public
License. In fact, they already attempted to release
TrueCrypt under the GPL several years ago, but some
authors of the other parts did not approve the change
of the license terms (as we know, the GPL "attaches"
itself to all parts of the product -- it does not
allow multi-licensing). I found a mention of this in
the change log at:
http://www.truecrypt.org/user-guide/?s=version-history2

'Released under the original E4M license to avoid
potential problems relating to the GPL license'

Regards,
John


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
Reply to:
Follow-Ups:
- Re: licence for Truecrypt
  - From: MJ Ray <mjr@phonecoop.coop>
- Re: licence for Truecrypt
  - From: Michael Poole <mdpoole@troilus.org>
Prev by Date: Unknown license bits and public domain
Next by Date: Re: Unknown license bits and public domain
Previous by thread: Re: licence for Truecrypt
Next by thread: Re: licence for Truecrypt
Index(es):
- Date
- Thread