[Cryptography] What is going on with TrueCrypt?
Sidney Markowitz
sidney at sidney.com
Sun Jun 1 21:08:10 EDT 2014
ianG wrote, On 2/06/14 1:45 am:
> Actually, I wanted to compare the original 2.6 as referenced in that
> post you linked to. To declare my colours, I wanted to see if the 'Red
> Hat legal people' were as bad as they evidenced themselves to be. But
Version 2.6 was the first (incomplete) response to the Red Hat criticisms.
This is version 2.5, which is the one that the Red Hat lawyers criticized:
http://copyfree.org/content/standard/rejected/truecrypt2.5/license.txt
I don't have a direct link to the text of license version 2.6, but all old
versions of TrueCrypt are archived at the following link so you can see any
license if you want by downloading and unpacking the distribution. The license
version history after 2.5 is
TrueCrypt version
* 6.1, 6.1a, 6.2: `TrueCrypt License Version 2.6`
* 6.2a: `TrueCrypt License Version 2.7`
* 6.3, 6.3a: `TrueCrypt License Version 2.8`
* 7.0, 7.0a, 7.1, 7.1a: `TrueCrypt License Version 3.0`
* 7.2: `TrueCrypt License Version 3.1`
Link to historical archives of TrueCrypt:
https://github.com/DrWhax/truecrypt-archive
> Contracts and licences are the roadmap for disputes, they
> are *by definition* not promises to not sue but are rather the agreement
> under which the suit is held.
When I look at the license for some software, I want to know that I can use it
the way I want to without getting into any trouble with the vendor or author.
Whether it says that I would likely win a lawsuit is not nearly as relevant as
reassurance that the vendor is not going to be bothered by what I do enough to
come after me. When the license says "you may do this" that is a promise not
to sue that provides a high degree of reassurance if I want to "do this".
> If you don't understand the lawyer, then you've not moved an inch from
> that fate. The advantage of not using a lawyer is that the
> responsibility rests with only one fool.
obCrypto: I consider writing your own license similar to writing your own
crypto. The field is too specialized, the twists and turns are too tricky. No
matter how much hobby time I've spent reading up about open source licenses I
would choose from amongst GNU GPL, BSD, Apache 2.0, etc. to select the one
most closely expressing what I want, not try to demonstrate my clever ability
to write exactly what I want. If I'm going to have the responsibility I'm not
going to have someone like me hack something custom together.
Sidney Markowitz
http://sidney.com
More information about the cryptography
mailing list