http://truecrypt.com/ advertises itself as "free open-source disk encryption software". However, the license is not OSI-approved:
http://www.truecrypt.org/legal/license Does anyone know of any history of consideration or discussion about this license, at the OSI, FSF, or elsewhere? Please keep me CC'd on any followups. The license is actually a main TrueCrypt custom license, plus some included third-party licenses, one of which looks BSD-ish, one of which looks zlib-ish, and one of which (the "Encryption for the Masses" license) looks like it might be its own custom license. Oy. Various people have commented to me that they see potential problems with the TrueCrypt license w.r.t. the OSD. I'd be happy if we could surface all those concerns in this thread. One potential problem I see is that the trademark protection language is so over-the-top strong that it might be construed to prevent even nominative use of the name. For example, suppose someone distributes a modified version of Truecrypt and, on receiving a bug report about their derivative, posted a response on their website -- and possibly in some docs in their distribution tree -- saying "I don't know if upstream TrueCrypt at TrueCrypt.org has this problem too." Would the current license make the authors of the derivative unacceptably vulnerable to possible harassment from TrueCrypt from that? Maybe. Obviously, I'd like to see TrueCrypt be truly open source. The ideal solution is not to have them remove the words "open source" from their self-description, but rather for their software to be under an OSI-approved open source license :-). -Karl _______________________________________________ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss