On 10/14/2013 09:32 PM, Karl Fogel wrote: > Obviously, I'd like to see TrueCrypt be truly open source. The ideal > solution is not to have them remove the words "open source" from their > self-description, but rather for their software to be under an > OSI-approved open source license
I have not looked at the TrueCrypt license (in depth) in quite some time, but when Fedora and Red Hat reviewed it in 2008, not only was it non-free, it was actually dangerous. (from 2008): http://lists.freedesktop.org/archives/distributions/2008-October/000273.html http://lists.freedesktop.org/archives/distributions/2008-October/000276.html They appear to have reworded some concerning parts of that license, however, when we pointed out these concerns to them directly in 2008, their response was to forcefully (and rather rudely) reply that the problems caused by their license wording were not problems, but intentional. That alone gave us serious concern as to the intentions of the upstream, especially given the nature of the software under that license. Notable is that Section VI.3 appears to be the same in the TrueCrypt license as it was in 2008. It is arguably necessary for any Free or Open Source license to waive some "intellectual property rights" in order to share those rights (which default to being exclusive to the copyright holder) with others. This section was noted to the TrueCrypt upstream (in 2008) as potentially conflicting with the rest of the license, and again, they pointed out that they were aware of the potential conflict and that it was _intentional_. In short, we were forced to conclude the license was worded the way that it was (with clever wording traps) as a sort of sham license. For what it is worth, I'm not sure the OSI should voluntarily spend any time or effort on the TrueCrypt license unless the TrueCrypt copyright holder brings it forward themselves with a willingness to address these issues in a serious and reasonable fashion. The fact that there are other FOSS implementations for TrueCrypt (most notably tc-play (https://github.com/bwalex/tc-play) minimizes the need to resolve these issues with the upstream, which is why Fedora stopped attempting to do so quite some years ago. ~tom == Fedora Project _______________________________________________ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss