On Wed, 10 Feb 2016 18:07:48 +0100 Mike Gabriel wrote: [...] > 1. > Is VeraCrypt suitable for the non-free section of Debian?
I am not sure: the TC-3.0 license is still fairly unclear (at least to my eyes), so I cannot really speculate on its possible implications... > . > 2. > I suppose VeraCrypt is not suitable for the main section of Debian > as the TC-3.0 license is not DFSG-compliant. I suppose > this has not changed for VeraCrypt, compared to TrueCrypt, right? Personally, I think this package should stay away from Debian main. As I said, I am not even sure it is safe to be distributed in the non-free archive. > . > 3. > The new upstream maintainer also states that all novelties of the code > are licensed under the Apache-2.0 license, but as long as any line from > the original code sticks out, the licensing of the code is governed by > the original Truecrypt 3.0 license, right? [...] Then I am not sure I understand why the debian/copyright file draft you sent states Files: * Copyright: 2003-2011, TrueCrypt Developers Association 2013-2014, IDRIX License: TC-3.0 or Ms-PL What's Ms-PL ? Shouldn't it be Apache-2.0 ? Moreover, "or" means dual-licensing, but I understand this to be a code-mixing case: I think "and" should be used instead. See https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for more details. Anyway, without looking at any further details, a question arises: why are you packaging veracrypt for the non-free archive? what does it offer that tcplay doesn't? See https://packages.debian.org/sid/tcplay https://tracker.debian.org/pkg/tcplay I hope this helps a little. Bye. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
pgp9irrr9xyGm.pgp
Description: PGP signature