On Wed, 17 Feb 2016 11:39:00 +0000 Mike Gabriel wrote: [...] > (taking debian-edu-pkg-team @ Alioth into the discussion loop, as that > would be the maintainer team for VeraCrypt in Debian)
OK, fine. > > On Mi 17 Feb 2016 00:17:28 CET, Francesco Poli wrote: > > > On Wed, 10 Feb 2016 18:07:48 +0100 Mike Gabriel wrote: > > > > [...] > >> 1. > >> Is VeraCrypt suitable for the non-free section of Debian? > > > > I am not sure: the TC-3.0 license is still fairly unclear (at least > > to my eyes), so I cannot really speculate on its possible > > implications... > > Hmmm... ok. I think the ftpmasters would be glad about some guidance > on why you see veracrypt (not the TC 3.0 license, see below) unfit for > Debian non-free. I have already uploaded VeraCrypt to Debian > NEW/non-free and it is waiting approval/rejection from an ftpmaster. I didn't say that veracrypt is clearly unfit for the non-free archive. I said that the TC-3.0 license is unclear, and that I am consequently not sure about the possibility to distribute a package including code under such a license (even in the non-free archive). I hope I clarified what I meant. > > Also, it'd be interesting if the upstream people of VeraCrypt can > apply any change(s) to the upstream sources, their VeraCrypt license > or whatever, to make the software fit at least for Debian non-free. If VeraCrypt upstream developers (IDRIX, I suppose) are in good terms with the copyright holders for the Truecrypt version they forked from (TrueCrypt Developers Association, I suppose) and can persuade them to agree to a re-licensing of the code-base, the outcome could be definitely interesting. Everything re-licensed under the terms of the 3-clause-BSD license would be a huge win for everyone, since it would mean the possibility to upload veracrypt to Debian main (assuming no other showstopper comes up). [...] > >> 3. > >> The new upstream maintainer also states that all novelties of the code > >> are licensed under the Apache-2.0 license, but as long as any line from > >> the original code sticks out, the licensing of the code is governed by > >> the original Truecrypt 3.0 license, right? > > [...] > > > > Then I am not sure I understand why the debian/copyright file draft > > you sent states > > Files: * > > Copyright: 2003-2011, TrueCrypt Developers Association > > 2013-2014, IDRIX > > License: TC-3.0 or Ms-PL > > > > What's Ms-PL ? Shouldn't it be Apache-2.0 ? > > Moreover, "or" means dual-licensing, but I understand this to be a > > code-mixing case: I think "and" should be used instead. > > > > See > > https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ > > for more details. > > Oh, I am sorry. With this mail, I have attached the latest > debian/copyright file as I have it now after having it reworked two > days ago. I should have sent an updated copy to debian-legal > immediately. Sorry for that. Mmmmh, I cannot see any attachment. Was it forgotten or lost somehow? > > As it seems, the VeraCrypt upstream people have come up with a new > license, the VeraCrypt license. See attached copyright file for details. Please send the updated debian/copyright file... [...] > > Anyway, without looking at any further details, a question arises: > > why are you packaging veracrypt for the non-free archive? what does > > it offer that tcplay doesn't? > > > > See > > https://packages.debian.org/sid/tcplay > > https://tracker.debian.org/pkg/tcplay > > I have checked tcplay and also zulucrypt-gui again. We provide > veracrypt to teachers / students at school that come from the Windows > realm mainly. For them, it is essential to recognize some pieces of > software on our Linux environment that they have become so used to on > their Windows machines. VeraCrypt (for formerly TrueCrypt) is such an > application. Teachers here in Germany have to encrypt all personal > data that they carry around, so they need _one_ cross platform tool > for that. I'd be happy to provide that piece of software to other > people in Debian (Edu). > > Working on the command line (tcplay) is not an option for the > teachers, we support here. Then I hope someone will develop a GUI front-end for tcplay, if it is so important for at least one category of users... > And personally, I just tried out > zulucrypt-gui the second time and I could not get it running as > non-root. This is probably possible, I did not spend much time on > this, but honestly, I prefer a solution that works right away. Also > ZuluCrypt feels a little nerdy, not so user friendly as VeraCrypt > currently is. Mmmmh, I see. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
pgpXqMNnPmFZa.pgp
Description: PGP signature
