Hi, Wow, that's a lot of license text. There are multiple bits in these licenses that I don't like.
> TrueCrypt License Version 2.3 > [...] > II. Terms and Conditions for Use, Reproduction, and Distribution > > 1. You [must] ensure that all the legal notices and > documents (containing, e.g., the text of this License, references to > this License, etc.) included with This Product are included with every > copy of This Product that you make and distribute This might be clutching at straws, but I don't like the requirement to include verbatim all "legal notices". My reasoning is that "legal notices" could be interpreted to imply notices about patents. In a jurisdiction that does not allow software patents, I do not think people should be forced to convey notices about patents that simply do not apply to them. I suppose this is why debian-legal likes to analyse the freeness of software as opposed to licenses; my criticism certainly doesn't apply if there are no such patent notices. > III. Terms and Conditions for Modification and Derivation of New > Products > > 1. [...] > > c. Phrase "Based on TrueCrypt, freely available at > http://www.truecrypt.org/" must be displayed by Your Product (if > technically feasible) I think it's obnoxious to have to have to include this exact phrase in the product (as opposed to just in the documentation, or merely requiring any reasonable attribution). :( However, this is similar to what's allowed in GPLv3. I certainly didn't like the clause in the GPLv3, and I wasn't the only one, but I don't remember there being any consensus that it's non-free. > and contained in its documentation. > [...] In > each of the cases mentioned above in this paragraph, > "http://www.truecrypt.org/" must be a hyperlink (if technically > feasible) pointing to http://www.truecrypt.org/ Obnoxious. It's generally technically feasible to implement the hyperlink, but it can still be a hassle. For example, the GTK+ about box lets you add a hyperlink easily, but only on its own and not in the middle of arbitrary text. > Your Product (and any associated materials, e.g., the documentation, > the content of the official web site of Your Product, etc.) must not > present any Internet address containing the domain name > truecrypt.org (or any domain name that forwards to the domain name > truecrypt.org) in a manner that suggests that it is where > information about Your Product may be obtained or where bugs found > in Your Product may be reported or where support for Your Product > may be available or otherwise attempt to indicate that the domain > name truecrypt.org is associated with Your Product. It's fair enough that in the derived work you aren't allowed to misrepresent truecrypt.org as the originator of the derived product. However, there's the possibility that I link to a support website out of my control that is subsequently forwarded to truecrypt.org. > VI. General Terms > > 1. You may not use, modify, reproduce, derive from, (re)distribute, or > sublicense This Product, or portion(s) thereof, except as expressly > provided under this License. Any attempt (even if permitted by > applicable law) otherwise to use, modify, reproduce, derive from, > (re)distribute, or sublicense This Product, or portion(s) thereof, > automatically and immediately terminates Your rights under this License. This paragraph explicitly denies rights available under fair use or fair dealing. Hopefully a non-op (?), but not good. All the above was about the "TrueCrypt License version 2.3". The other license I have trouble with is a short one. > ____________________________________________________________ > > This is an independent implementation of the encryption algorithm: > > Twofish by Bruce Schneier and colleagues > > which is a candidate algorithm in the Advanced Encryption Standard > programme of the US National Institute of Standards and Technology. > > Copyright in this implementation is held by Dr B R Gladman but I hereby > give permission for its free direct or derivative use subject to > acknowledgment of its origin and compliance with any conditions that the > originators of the algorithm place on its exploitation. I know the reference implementation for Twofish is in the public domain, and it's not been patented. But what happens, hypothetically, if Bruce Schneier were to publicly assert that people should not use the algorithm, say for moral reasons. Or what if he said "people should not use this algorithm [as it is no longer considered secure enough". Could those situations not revoke my license to use this software? IANAL. Regards, -- Iain Nicol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]