[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[zen@freedbms.net: Veracrypt license - how to change it]

My other email addy is still banned for life from all debian lists it
seems, so forwarding the below as it may be of interest to some.


----- Forwarded message from Zenaan Harkness <zen@freedbms.net> -----

From: Zenaan Harkness <zen@freedbms.net>
To: stevep@mxlinux.org, debian-legal@lists.debian.org
Cc: CypherPunks <cypherpunks@lists.cpunks.org>, lwn@lwn.net, unit193@ubuntu.com
Date: Wed, 7 Aug 2019 17:28:53 +1000
Subject: Veracrypt license - how to change it

Hi Stephen, I'm hoping you will know who to contact.

The Veracrypt code and therefore license inherits from TrueCrypt.

The TrueCrypt code license is declared by the FSF to be a non-free
software license, and has been determined by the Debian community to
be not distributable by Debian due to its terms.

Truecrypt maintained an aloof/ not contactable type of arrangement
with the public, then disappeared altogether.

In the interests of having Veracrypt be distributable by Debian,
all Veracrypt code must be licensed accordingly.

This can be done by public notice (see below).

Doing so would be somewhat similar to how the MAME community caused
their source code license to be changed from "problematic for Debian/
the FSF etc" into something distributable by Debian etc (I think they
went to GPL).

Here's what the Veracrypt community would need to do:

 - make a public announcement that they will, after DURATION say 1
   year, change the license to all outstanding source code inherited
   from TrueCrypt, to be Apache/GPL/whatever

 - include in the announcement that any party objecting must contact
   the developers at BLAH (email list address, or list of developer
   email addresses)

 - wait the DURATION

 - change the source files to reflect the license change, to be the
   new license as declared DURATION period prior

The announcement needs to be published and made generally publicly
available - e.g. at Slashdot, LWN, on the Veracrypt home page, etc.

Legally, this does a few things:

 - gives general public Notice (legal concept), that something will
   be done in the future, thus satisfying the general duty of care to
   the public that something will be done which may affect the
   interests of the public

 - gives the only possible notice available to be given to the
   original developers (assuming they are no longer contactable)

 - provides a genuine and reasonable opportunity for any affected
   parties to contact the Veracrypt developers and make an actual

 - parties who remain silent, are thereafter (after time period
   DURATION) "taken to have tacitly consented"

The above is legally sufficient to make such a change, and the MAME
community is at least one example where this legal technique of
Public Notice has been used effectively.

If no objections are raised by anyone in DURATION time period, then
the Veracrypt developers can at that point unilaterally change the
license to be the new/ newly declared license.

If an objection -is- raised, and if the person objecting is an actual
copyright holder of certain Truecrypt code, then that particular code
can thereafter be rewritten.  Other than this, objections are
unlikely to be legally substantive and may well be able to be
ignored.  Notwithstanding, all objections should be responded to as
to what position is being taken in relation to that objection (this
is part of the duty of care to the general public/ others in our

Kind regards,

----- End forwarded message -----

Reply to: