[Cryptography] What is going on with TrueCrypt?

Sun Jun 1 09:45:38 EDT 2014

On 1/06/2014 05:46 am, Sidney Markowitz wrote:
> ianG wrote, On 1/06/14 3:26 pm:
>> I have a feeling that this thread has already sunk to a
>> GPL-versus-the-world crusade.  Before responding, and allowing pause for
>> reflection, can someone post a current link to the license, so both
>> sides can be considered?
> 
> Here are the links for the previous two versions of license.

Actually, I wanted to compare the original 2.6 as referenced in that
post you linked to.  To declare my colours, I wanted to see if the 'Red
Hat legal people' were as bad as they evidenced themselves to be.  But
without the other license, we are left with only self-evident bloopers
like this:

   " While Fedora certainly has no intent to commit
     copyright infringement, our counsel advises
     *that licenses are promises not to sue*. "

(my emphasis)  Contracts and licences are the roadmap for disputes, they
are *by definition* not promises to not sue but are rather the agreement
under which the suit is held.

(I came across these people with another matter.  The way they advised
their client had to be seen to be believed, their misunderstandings of
contracts in particular and business in general were bald-faced.)

obCrypto:  crypto projects that don't understand the law are doomed to
waste a lot of resource.  C.f., 'Digital signing' is one such historical
trainwreck that misunderstood the law of signing, one famous chat system
has unintended consequence of slam-dunk entrapment, and 'contracts' in
the p2p finance world is an emerging herd of blindfolded lemmings.

> Aside from any
> other problems with the license, the Readme.txt files make no provision for
> applying the Version 3.1 license that comes with TrueCrypt 7.2 to TrueCrypt
> 7.1a, which comes with the Version 3.0 license. The only difference between
> them is that the license for 7.1a requires a link to get the original code
> from truecrypt.org to appear in any documentation and in the splash-screen,
> about box, etc. Does that mean a fork of 7.1a (7.2 removes all encrypt code)
> has to contain an obsolete link to truecrypt.org?
> 
> The new version 3.1 license that is part of the last TrueCrypt 7.2 is here:
> https://raw.githubusercontent.com/warewolf/truecrypt/7.2/License.txt
> 
> The version 3.0 license:
> https://raw.githubusercontent.com/warewolf/truecrypt/master/License.txt
> 
> This might be a better way to phrase what I was trying to say, which has
> nothing to do with "GPL-versus-the-world".
> 
> Reading the license I get the impression that the author intends to require
> similar restrictions to the GPL with the additional restriction that nobody
> make money from derived code (so no commercial derivatives or forks);

Yes, I got that impression too.  I have no beef with that because, last
I checked, I'm a living eating programmer, and I don't like stealing
bread for my table.  I agree they could have said it more clearly, but
then, life is not always kind to the hard-working programmer.

> that it
> was not written by a lawyer and so may be full of unintended implications;

If you don't understand the lawyer, then you've not moved an inch from
that fate.  The advantage of not using a lawyer is that the
responsibility rests with only one fool.

> that the intended restrictions would prevent someone forking it if they want
> their project to have a BSD type license; that the attempt to prevent for-fee
> use and other perhaps sloppily written clauses would prevent someone who wants
> to fork with added code under GPL from doing so. I'm left wondering if there
> is a license that someone who wants to fork can reasonably use.

Might be.

> I intended to point out that there might be problems forking the project under
> any license, with GPL being only the most obvious one with which there would
> be a problem.

Granted.

iang J.D. U.Grisham.