[firstname.lastname@example.org: Veracrypt license - how to change it]
My other email addy is still banned for life from all debian lists it
seems, so forwarding the below as it may be of interest to some.
----- Forwarded message from Zenaan Harkness <email@example.com> -----
From: Zenaan Harkness <firstname.lastname@example.org>
To: email@example.com, firstname.lastname@example.org
Cc: CypherPunks <email@example.com>, firstname.lastname@example.org, email@example.com
Date: Wed, 7 Aug 2019 17:28:53 +1000
Subject: Veracrypt license - how to change it
Hi Stephen, I'm hoping you will know who to contact.
The Veracrypt code and therefore license inherits from TrueCrypt.
The TrueCrypt code license is declared by the FSF to be a non-free
software license, and has been determined by the Debian community to
be not distributable by Debian due to its terms.
Truecrypt maintained an aloof/ not contactable type of arrangement
with the public, then disappeared altogether.
In the interests of having Veracrypt be distributable by Debian,
all Veracrypt code must be licensed accordingly.
This can be done by public notice (see below).
Doing so would be somewhat similar to how the MAME community caused
their source code license to be changed from "problematic for Debian/
the FSF etc" into something distributable by Debian etc (I think they
went to GPL).
Here's what the Veracrypt community would need to do:
- make a public announcement that they will, after DURATION say 1
year, change the license to all outstanding source code inherited
from TrueCrypt, to be Apache/GPL/whatever
- include in the announcement that any party objecting must contact
the developers at BLAH (email list address, or list of developer
- wait the DURATION
- change the source files to reflect the license change, to be the
new license as declared DURATION period prior
The announcement needs to be published and made generally publicly
available - e.g. at Slashdot, LWN, on the Veracrypt home page, etc.
Legally, this does a few things:
- gives general public Notice (legal concept), that something will
be done in the future, thus satisfying the general duty of care to
the public that something will be done which may affect the
interests of the public
- gives the only possible notice available to be given to the
original developers (assuming they are no longer contactable)
- provides a genuine and reasonable opportunity for any affected
parties to contact the Veracrypt developers and make an actual
- parties who remain silent, are thereafter (after time period
DURATION) "taken to have tacitly consented"
The above is legally sufficient to make such a change, and the MAME
community is at least one example where this legal technique of
Public Notice has been used effectively.
If no objections are raised by anyone in DURATION time period, then
the Veracrypt developers can at that point unilaterally change the
license to be the new/ newly declared license.
If an objection -is- raised, and if the person objecting is an actual
copyright holder of certain Truecrypt code, then that particular code
can thereafter be rewritten. Other than this, objections are
unlikely to be legally substantive and may well be able to be
ignored. Notwithstanding, all objections should be responded to as
to what position is being taken in relation to that objection (this
is part of the duty of care to the general public/ others in our
----- End forwarded message -----