[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption

On Wed, 10 Feb 2016 18:07:48 +0100 Mike Gabriel wrote:

>  1.
>  Is VeraCrypt suitable for the non-free section of Debian?

I am not sure: the TC-3.0 license is still fairly unclear (at least
to my eyes), so I cannot really speculate on its possible

>  .
>  2.
>  I suppose VeraCrypt is not suitable for the main section of Debian
>  as the TC-3.0 license is not DFSG-compliant. I suppose
>  this has not changed for VeraCrypt, compared to TrueCrypt, right?

Personally, I think this package should stay away from Debian main.
As I said, I am not even sure it is safe to be distributed in the
non-free archive.

>  .
>  3.
>  The new upstream maintainer also states that all novelties of the code
>  are licensed under the Apache-2.0 license, but as long as any line from
>  the original code sticks out, the licensing of the code is governed by
>  the original Truecrypt 3.0 license, right?

Then I am not sure I understand why the debian/copyright file draft
you sent states

  Files: *
  Copyright: 2003-2011, TrueCrypt Developers Association
             2013-2014, IDRIX
  License: TC-3.0 or Ms-PL

What's Ms-PL ? Shouldn't it be Apache-2.0 ?
Moreover, "or" means dual-licensing, but I understand this to be a
code-mixing case: I think "and" should be used instead.

for more details.

Anyway, without looking at any further details, a question arises:
why are you packaging veracrypt for the non-free archive? what does
it offer that tcplay doesn't?


I hope this helps a little.

 There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgpGKdEflrOJw.pgp
Description: PGP signature

Reply to: