[Cryptography] What is going on with TrueCrypt?

Sidney Markowitz sidney at sidney.com
Sat May 31 21:08:19 EDT 2014


Jerry Leichter wrote, On 1/06/14 8:41 am:
> I've never had any reason to look at TC in detail.  Can anyone summarize 
> just what the license do and don't allow?

The license itself looks to me, a non-lawyer, like an unprofessional attempt
to write a basically free and open source license. It has clauses saying that
you can freely distribute TC and its source code. You can distribute modified
versions of TC and its source code as a standalone product or as part of your
won software as long as you meet certain conditions of making your own
modifications and combined software freely available in source, and include
certain notices and acknowledgments.

My non-lawyer take is that the license was written by a non-lawyer who did not
know how to make the license say what they meant to say, leaving a number of
ambiguities, loopholes, and clauses which would make it incompatible with GPL.

Here is a link to a summary of Red Hat's legal people's reasons why they could
not make use of TC with the TC license. It doesn't list all of the flaws, only
the main ones that make it so there is no reason to list more minor ones that
would still by themselves be enough to block its use:

"TrueCrypt licensing concern"
http://lists.freedesktop.org/archives/distributions/2008-October/000276.html

As a non-lawyer comparing the way the TC license expresses concepts to the way
they appear in GPL and the way FSF talks about license compatibility in their
FAQ, my immediate reactions were 1) The way they express requirements for
acknowledgment might have the same incompatibility with the GPL as the
advertising clause in the original BSD license; 2) The remaining clauses read
to me as if the author intended to provide restrictions equivalent to those in
the GPL with the addition of preventing anyone from charging money; 3) The
writing of the license by a non-lawyer in this case resulted in something that
can't really be trusted to actually say what the author intended to say.

 Sidney Markowitz
 http://sidney.com


More information about the cryptography mailing list