[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: TrueCrypt License 2.5

On Thu, 25 Sep 2008 12:50:51 +0200 Philipp Hübner wrote:

> Hello,
> I would like to know if TrueCrypt 6 would be accepted for non-free.
> I know there have already been 2 threads about the TrueCrypt License:
> http://lists.debian.org/debian-legal/2006/06/msg00294.html
> http://lists.debian.org/debian-legal/2008/01/msg00122.html
> The actual TrueCrypt Licensen Version 2.5 is available at
> http://www.truecrypt.org/legal/license which I have pasted for possible
> reference.

Thanks for quoting the full license text.

I don't have enough time for a detailed analysis, unfortunately.
A first glance at a wdiff between version 1.2 and version 2.5 of the
license shows that, a part from cosmetic changes, things haven't
improved much.  On the contrary, it seems that the license has become
more and more restrictive.

Two new restrictions I noticed are the following ones.

| V. Trademarks
| Any attempt otherwise to use trademarks associated with
| (or applying to) This Product automatically and immediately terminates
| Your rights under This License and may constitute trademark infringement
| (which may be prosecuted).

Trademark infringement terminates all rights under the license.

| VI. General Terms and Conditions, Miscellaneous Provisions
| 4. Subject to the terms and conditions of this License, You may allow a
| third party to use Your copy of This Product (or a copy that you make
| and distribute, or Your Product, or respective parts thereof) provided
| that the third party overtly accepts and agrees to be bound by all terms
| and conditions of this License and the third party is not prohibited
| from using This Product (or portions thereof) by this License (see,
| e.g., Section VI.6) or by applicable law. However, You are not obligated
| to ensure that the third party accepts (and agrees to be bound by all
| terms of) this License if You distribute only the self-extracting
| package (containing This Product) that does not allow the user to
| install (nor extract) the files contained in the package until he or she
| accepts and agrees to be bound by all terms and conditions of this License.

You are forced to make sure people who receive a copy from you agree to
be bound by the license, possibly through a click-wrap mechanism.
This is not only non-free, but a practical issue as well.

With respect to the issues I spotted in version 1.2
(http://lists.debian.org/debian-legal/2008/01/msg00136.html), the only
thing I saw improved is the vanishing of the Dr B R Gladman's twofish
implementation license...

> I'm sure that TrueCrypt would not be accepted for Debian (main), but is
> it alright for non-free?

I am not sure, the click-wrap obligations could be a practical issue,
even for non-free...
Anyway, I am not overly interested in checking whether something can be
shipped in non-free: I'll wait for others to express their opinion.

> Please don't suggest to hint the TrueCrypt guys towards relicensing,
> that won't help me (although that would be the best).

Their "let's restrict it a bit more" trend is not promising at
all...  :-(


 The nano-document series is here!
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgp3Fo9y_3hav.pgp
Description: PGP signature

Reply to: