On Wed, 10 Feb 2016 18:07:48 +0100 Mike Gabriel wrote:
[...]
> 1.
> Is VeraCrypt suitable for the non-free section of Debian?
I am not sure: the TC-3.0 license is still fairly unclear (at least
to my eyes), so I cannot really speculate on its possible
implications...
> .
> 2.
> I suppose VeraCrypt is not suitable for the main section of Debian
> as the TC-3.0 license is not DFSG-compliant. I suppose
> this has not changed for VeraCrypt, compared to TrueCrypt, right?
Personally, I think this package should stay away from Debian main.
As I said, I am not even sure it is safe to be distributed in the
non-free archive.
> .
> 3.
> The new upstream maintainer also states that all novelties of the code
> are licensed under the Apache-2.0 license, but as long as any line from
> the original code sticks out, the licensing of the code is governed by
> the original Truecrypt 3.0 license, right?
[...]
Then I am not sure I understand why the debian/copyright file draft
you sent states
Files: *
Copyright: 2003-2011, TrueCrypt Developers Association
2013-2014, IDRIX
License: TC-3.0 or Ms-PL
What's Ms-PL ? Shouldn't it be Apache-2.0 ?
Moreover, "or" means dual-licensing, but I understand this to be a
code-mixing case: I think "and" should be used instead.
See
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
for more details.
Anyway, without looking at any further details, a question arises:
why are you packaging veracrypt for the non-free archive? what does
it offer that tcplay doesn't?
See
https://packages.debian.org/sid/tcplay
https://tracker.debian.org/pkg/tcplay
I hope this helps a little.
Bye.
--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpGKdEflrOJw.pgp
Description: PGP signature