[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: TrueCrypt License 2.3

On sam, 2008-01-12 at 20:27 +0100, Francesco Poli wrote:
> The plain text version of the licence may be found at
> http://www.truecrypt.org/docs/License.txt
> and is pasted below in its entirety.


      * I think this software is fine for main if we package it the
        iceweasel way (new name, new artwork).
      * The advertising clause is very obnoxious but still acceptable. 
      * I also have a wonder about the TrueCrypt license, but it can be
        easily clarified (at worst by asking Bruce Schneier directly).

Comments about the different licenses follow.

> TrueCrypt License Version 2.3

This looks like a generic copyleft license. Specific clauses follow.

>     a. The name of Your Product (or of Your modified version of This Product)
>     must not contain the name TrueCrypt (for example, the following names are
>     not allowed: TrueCrypt, TrueCrypt+, TrueCrypt Professional, iTrueCrypt,
>     etc.) nor any of its variations that can be easily confused with the name
>     TrueCrypt (e.g., True-Crypt, True Crypt, TrueKrypt, TruCrypt, etc.)

Name change clause, it is fine.

>     All graphics files showing any TrueCrypt logo (including the non-textual
>     logo consisting primarily of a key in stylized form) must be removed from
>     Your Product (or from Your modified version of This Product) and from any
>     associated materials. Logo(s) included in (or attached to) Your Product
>     (or in/to associated materials) must not incorporate and must not be
>     confusingly similar to any of the TrueCrypt logos or portion(s) thereof.

Which means we need to remove them from the package as well.

>     c. Phrase "Based on TrueCrypt, freely available at
>     http://www.truecrypt.org/"; must be displayed by Your Product (if
>     technically feasible) and contained in its documentation. Alternatively, if
>     This Product or its portion You included in Your Product comprises only a
>     minor portion of Your Product, phrase "Portions of this product are based
>     in part on TrueCrypt, freely available at http://www.truecrypt.org/"; may be
>     displayed instead. In each of the cases mentioned above in this paragraph,
>     "http://www.truecrypt.org/"; must be a hyperlink (if technically feasible)
>     pointing to http://www.truecrypt.org/ and you may freely choose the
>     location within the user interface (if there is any) of Your Product (e.g.,
>     an "About" window, etc.) and the way in which Your Product will display the
>     respective phrase.

This is the most questionable clause. It looks much like a mix between
the OpenSSL advertising clause and the GPL warranty disclaimer. I don’t
like the clause, but I don’t feel it breaks any of the DFSG, especially
because it is reasonable about the requirements (“if technically
feasible”, you’re free to choose how to put it…)

>     d. The complete source code of Your Product must be freely and publicly
>     available (for exceptions, see Sections III.2 and III.3) at least until you
>     cease to distribute Your Product. To meet this condition, it is sufficient
>     that You merely include the source code with every copy of Your Product
>     that you make and distribute; it is also sufficient that You merely include
>     information (valid and correct at least until you cease to distribute Your
>     Product) about where the source code can be freely obtained (e.g., an
>     Internet address, etc.) with every copy of Your Product that you make and
>     distribute. 

This is fine and passes the desert island and dissident tests.

> 2. You are not obligated to comply with Sections III.1.a, III.1.b, III.1.c, and
> III.1.d, if all conditions specified in one of the two following paragraphs are
> met:
>     a. Your Product is an operating system distribution, or other aggregate
>     software distribution (such as a cover CD-ROM of a magazine) containing
>     products from different sources, in which You include either This Product
>     without any modifications or file(s) which You obtain by compiling the
>     unmodified source code of This Product.

This is a nice clause to allow distributors to keep the name;
unfortunately it requires keeping the non-free logos, so this looks like
an iceweasel case.

> 4. You shall indemnify, defend and hold all (co)authors of This Product, their
> agents and associates, and applicable copyright/trademark owners, harmless
> from/against any liability, loss, expense, damages, claims or causes of action,
> arising out of Your use, inability to use, reproduction, (re)distribution,
> import and/or (re)export of This Product (or portions thereof) and/or Your
> breach of any term of this License.

Indemnification clause, similar to the IBM public license.

> ____________________________________________________________
> License agreement for Encryption for the Masses.

Simple non-copyleft license with name change clause and advertising

> This product can be copied and distributed free of charge, including
> source code.

“Free of charge” is ambiguous here, but the rest of the license implies
clearly that it is possible to sell derived works, so the only sane
interpretation is that you don’t have to pay a fee to distribute your
own copies.

> ____________________________________________________________

> This package is an SSL implementation written
> by Eric Young (eay@cryptsoft.com).

> Redistribution and use in source and binary forms, with or without
> modification, are permitted provided that the following conditions
> are met:

Similar to the standard 4-clause BSD license.

> ____________________________________________________________
> Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.

> The free distribution and use of this software in both source and binary
> form is allowed (with or without changes) provided that:

Dual-licensed under 3-clause BSD and GPL. (GPL can’t apply here because
of the incompatibilities with other licenses.)

> ____________________________________________________________
>         Twofish by Bruce Schneier and colleagues

> Copyright in this implementation is held by Dr B R Gladman but I
> hereby give permission for its free direct or derivative use subject
> to acknowledgment of its origin and compliance with any conditions
> that the originators of the algorithm place on its exploitation.

This is very unclear, but we may have already received clarification for
this specific code. Are there packages in the archive using twofish?

> ____________________________________________________________
> Copyright (c) 2001 Markus Friedl.  All rights reserved.
> Redistribution and use in source and binary forms, with or without
> modification, are permitted provided that the following conditions
> are met:

2-clause BSD.

: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.

Attachment: signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=

Reply to: