[Cryptography] What is going on with TrueCrypt?

Sun Jun 1 08:30:27 EDT 2014

On Sun, Jun 1, 2014 at 12:46 AM, Sidney Markowitz <sidney at sidney.com> wrote:
> ianG wrote, On 1/06/14 3:26 pm:
>> I have a feeling that this thread has already sunk to a
>> GPL-versus-the-world crusade.  Before responding, and allowing pause for
>> reflection, can someone post a current link to the license, so both
>> sides can be considered?
>
> Here are the links for the previous two versions of license. Aside from any
> other problems with the license, the Readme.txt files make no provision for
> applying the Version 3.1 license that comes with TrueCrypt 7.2 to TrueCrypt
> 7.1a, which comes with the Version 3.0 license. The only difference between
> them is that the license for 7.1a requires a link to get the original code
> from truecrypt.org to appear in any documentation and in the splash-screen,
> about box, etc. Does that mean a fork of 7.1a (7.2 removes all encrypt code)
> has to contain an obsolete link to truecrypt.org?
>
> The new version 3.1 license that is part of the last TrueCrypt 7.2 is here:
> https://raw.githubusercontent.com/warewolf/truecrypt/7.2/License.txt
>
> The version 3.0 license:
> https://raw.githubusercontent.com/warewolf/truecrypt/master/License.txt
>
> This might be a better way to phrase what I was trying to say, which has
> nothing to do with "GPL-versus-the-world".
>
> Reading the license I get the impression that the author intends to require
> similar restrictions to the GPL with the additional restriction that nobody
> make money from derived code (so no commercial derivatives or forks); that it
> was not written by a lawyer and so may be full of unintended implications;
> that the intended restrictions would prevent someone forking it if they want
> their project to have a BSD type license; that the attempt to prevent for-fee
> use and other perhaps sloppily written clauses would prevent someone who wants
> to fork with added code under GPL from doing so. I'm left wondering if there
> is a license that someone who wants to fork can reasonably use.
>
> I intended to point out that there might be problems forking the project under
> any license, with GPL being only the most obvious one with which there would
> be a problem.

Well that might have been the intention. I know that in the past
employers have released under GPL rather than BSD precisely to prevent
competitors from making use of the stuff in their products.

As for not lawyering the license, that would only make a difference in
litigation. And spending a half million dollars to prevent someone
using stuff that you gave away for 'free' usually does not make much
sense.

There are two occasions where a corporate lawyer would read such a
contract. The first is when they are asked if the company can use the
product. And then they are going to give a very pessimistic view that
makes no account of any possible loopholes. They are only going to
make use of loopholes in the second when it comes to litigation.