On Wed, 2008-10-08 at 09:03 +1100, Ben Finney wrote: > Which seems to come to a contradictory conclusion > <URL:http://lists.debian.org/debian-legal/2006/07/msg00009.html>; i.e. > that the license *is* free under the DFSG. (On a quick reading, I > incline more toward the “non-free” side, but that's not something to > be discussed at length here.) > > I'd very much like to see Tom Calloway's reference for *why* the > license terms are such a serious risk; preferably, placed in (or > linked from) the Fedora wiki page where the work is forbidden.
Sorry for the delay, I just needed to clear it with counsel for me to share our analysis. These remarks are against v2.5 of the TrueCrypt license: Section III: 1. d. : This provision requires distribution of source code if you distribute "Your Product". However, it says To meet this condition, it is sufficient that You merely include the source code with every copy of Your Product that You make and distribute . . . *provided that You make the copies available to the general public free of charge*; it is also sufficient that You merely include information . . . about where the source code can be freely obtained . . . with every copy of Your Product that You make and distribute . . . *provided that You make the copies available to the general public free of charge*. This is ambiguous, but the best reading of "the copies" seems to refer to "every copy of Your Product that You make and distribute". That therefore means that if you distribute modified versions of TrueCrypt, you cannot charge for copies. That is non-free. We suggested that the first paragraph of 1d be changed to: If you distribute Your Product in a form other than source code, the complete source code of Your Product must be freely and publicly available (for exceptions, see Section III.2) at least until You cease to distribute Your Product. To meet this condition, it is sufficient that You merely include the source code with every copy of Your Product that You make and distribute (see also below in this Subsection III.1.d for conditions that licenses governing the source code must meet) provided that you make the source code available to the general public free of charge; it is also sufficient that You merely include information (valid and correct at least until You cease to distribute Your Product) about where the source code can be freely obtained (e.g. an Internet address, etc.) with every copy of Your Product that You make and distribute (see also below in this Subsection III.1.d for conditions that licenses governing the source code must meet) provided that You make the source code available to the general public free of charge. In addition, because there is no counterpart in III to II.2, there is some doubt about whether "Your Product" can be used commercially. Therefore, the following clause should be added to section III: Provided that You comply with all applicable terms and conditions of this License, You may use Your Product freely on any number of computers/systems for non-commercial and/or commercial purposes. Alternatively, II.2 could be generalized to "Your Product" as well as "This Product". Section VI, Paragraph 2: The license says: NOTHING IN THIS LICENSE SHALL IMPLY OR BE CONSTRUED AS A PROMISE, OBLIGATION, OR COVENANT NOT TO SUE FOR COPYRIGHT OR TRADEMARK INFRINGEMENT. We proposed that it be replaced with: NOTHING IN THIS LICENSE SHALL IMPLY OR BE CONSTRUED AS A PROMISE, OBLIGATION, OR COVENANT NOT TO SUE FOR TRADEMARK INFRINGEMENT. While Fedora certainly has no intent to commit copyright infringement, our counsel advises that licenses are promises not to sue. If Fedora complies with all of the conditions and/or obligations imposed by this license, we would not be protected from a lawsuit from TrueCrypt. If we cannot rely on this license granting us copyright permissions, counsel advises us that this license is non-free. The TrueCrypt license term in question declares that nothing in the license constitutes a promise not to sue for copyright infringement. Our counsel advises that a plain reading of this indicates that if Fedora complies with all the requirements of the TrueCrypt license, we would nonetheless have no assurance that TrueCrypt will not sue me for my acts of copying, distribution, creation of derivative works, and so forth. Normally, a free software license can be considered as a promise not to sue for actions that are allowed under the license. Our counsel noted that it is a promise not to sue for actions that are allowed under the license *even if those actions would otherwise constitute copyright infringement*. The statement in the TrueCrypt license casts doubt on whether the fully compliant licensee is shielded from the possibility of a copyright infringement suit from TrueCrypt (to which no defense of license would be effective). To be blunt, our counsel advised that what the TrueCrypt license explicitly says is that no matter how faithfully we comply with those conditions or obligations, we still have no expectation that such compliance gives rise to any obligation or undertaking on TrueCrypt's part not to sue us for copyright infringement. TrueCrypt seems to be reserving the right to sue any licensee for copyright infringement, no matter whether they comply with the conditions of the license or not. Based on this, our counsel advised that above and beyond being non-free, software under this license is not safe to use. Section VI, Paragraph 3: The license says: 3. This license does not constitute or imply a waiver of any intellectual property rights. This license does not transfer, assign, or convey any intellectual property rights (e.g., it does not transfer ownership of copyrights or trademarks). We proposed that it be replaced with: This License does not constitute or imply a waiver of any intellectual property rights, other than as specifically stated in this License. This License does not transfer, assign, or convey any intellectual property rights (e.g., it does not transfer ownership of copyrights or trademarks). The rational provided by our counsel is as follows: In effect TrueCrypt ought to be waiving certain of its rights for this to be operative as a license. Free software licenses do involve waivers of rights. Our counsel advised us that this license has the appearance of being full of clever traps, which make the license appear to be a sham (and non-free). There were other minor issues that might also make the license non-free, but given TrueCrypts unwillingness to address any of these more serious issues, I have omitted them. Hope that helps, ~tom _______________________________________________ Distributions mailing list Distributions@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/distributions