Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
Thanks Mike. I will add a notice here[1]. [1] https://wiki.debian.org/Software%20that%20can't%20be%20packaged Regards, Eriberto 2016-07-10 15:15 GMT-03:00 Mike Gabriel: > Control: close -1 > Control: tags -1 wontfix > > Hi Eriberto, > > On So 10 Jul 2016 00:05:12 CEST, Eriberto Mota wrote: > >> Hi, >> >> What is the current status of this package? >> >> Regards, >> >> Eriberto > > > Unfortunately, the ftp master team rejected the upload due to the dodgy > license history of Veracrypt / Truecrypt: > > On Fr 08 Jul 2016 02:00:09 CEST, Thorsten Alteholz wrote: > >> Hi Mike, >> >> unfortunately I have to reject your package. >> According to [1] "(...)TrueCrypt seems to be reserving the right to sue >> any licensee for copyright infringement, no matter whether they comply >> with the conditions of the license or not. Based on this, our counsel >> advised that above and beyond being non-free, software under this >> license is not safe to use. (...)" >> >> So as Veracrypt is basically licensed with the TrueCrypt license, I think >> it is better for Debian to not distribute such software, even in non-free. >> >> Thorsten > > > Thus closing this ITP and tagging as "won't fix". Unfortunately... > > Mike > > > [1] > https://lists.freedesktop.org/archives/distributions/2008-October/000276.html > > -- > > DAS-NETZWERKTEAM > mike gabriel, herweg 7, 24357 fleckeby > mobile: +49 (1520) 1976 148 > landline: +49 (4354) 8390 139 > > GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 > mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de >
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
Control: close -1 Control: tags -1 wontfix Hi Eriberto, On So 10 Jul 2016 00:05:12 CEST, Eriberto Mota wrote: Hi, What is the current status of this package? Regards, Eriberto Unfortunately, the ftp master team rejected the upload due to the dodgy license history of Veracrypt / Truecrypt: On Fr 08 Jul 2016 02:00:09 CEST, Thorsten Alteholz wrote: Hi Mike, unfortunately I have to reject your package. According to [1] "(...)TrueCrypt seems to be reserving the right to sue any licensee for copyright infringement, no matter whether they comply with the conditions of the license or not. Based on this, our counsel advised that above and beyond being non-free, software under this license is not safe to use. (...)" So as Veracrypt is basically licensed with the TrueCrypt license, I think it is better for Debian to not distribute such software, even in non-free. Thorsten Thus closing this ITP and tagging as "won't fix". Unfortunately... Mike [1] https://lists.freedesktop.org/archives/distributions/2008-October/000276.html -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpGrVtJb27GA.pgp Description: Digitale PGP-Signatur
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
Hi, What is the current status of this package? Regards, Eriberto
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
Hi Francesco, On Do 18 Feb 2016 23:36:48 CET, Francesco Poli wrote: On Thu, 18 Feb 2016 05:02:37 + Mike Gabriel wrote: On Mi 17 Feb 2016 21:49:54 CET, Francesco Poli wrote: [...] > Please send the updated debian/copyright file... > Oh, I must have forgotten to attach that file. Here it comes. Well, the so-called VeraCrypt License is just the TrueCrypt License version 3.0 + the Apache License version 2.0. Since both licenses apply, the situation is not really different from the one we have discussed in the previous messages of this thread... Bye. Thanks for your time and expertise on this again. I really appreciate having such a skilled licensing export on the Debian project. Let's see how the ftpmasters decide on my veracrypt upload, then. Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de pgpYAuC9jCDi4.pgp Description: Digitale PGP-Signatur
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
On Thu, 18 Feb 2016 05:02:37 + Mike Gabriel wrote: > On Mi 17 Feb 2016 21:49:54 CET, Francesco Poli wrote: [...] > > Please send the updated debian/copyright file... > > > > Oh, I must have forgotten to attach that file. Here it comes. Well, the so-called VeraCrypt License is just the TrueCrypt License version 3.0 + the Apache License version 2.0. Since both licenses apply, the situation is not really different from the one we have discussed in the previous messages of this thread... Bye. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpjbytBnrWMf.pgp Description: PGP signature
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
Hi Francesco, On Mi 17 Feb 2016 21:49:54 CET, Francesco Poli wrote: On Wed, 17 Feb 2016https://github.com/mhogomchungu/zuluCrypt/releases/download/4.8.0/zuluCrypt-4.8.0-debian-8-Jessie.tar.xz 11:39:00 + Mike Gabriel wrote: On Mi 17 Feb 2016 00:17:28 CET, Francesco Poli wrote: Oh, I am sorry. With this mail, I have attached the latest debian/copyright file as I have it now after having it reworked two days ago. I should have sent an updated copy to debian-legal immediately. Sorry for that. Mmmmh, I cannot see any attachment. Was it forgotten or lost somehow? As it seems, the VeraCrypt upstream people have come up with a new license, the VeraCrypt license. See attached copyright file for details. Please send the updated debian/copyright file... Oh, I must have forgotten to attach that file. Here it comes. And personally, I just tried out zulucrypt-gui the second time and I could not get it running as non-root. This is probably possible, I did not spend much time on this, but honestly, I prefer a solution that works right away. Also ZuluCrypt feels a little nerdy, not so user friendly as VeraCrypt currently is. Mmmmh, I see. OT here, but for completing info on zuluCrypt: I just learned from the zuluCrypt upstream maintainer, that zuluCrypt-gui will work as non-root user if zuluCrypt-cli and zuluMount-cli are installed setuid root, it is just that the Debian maintainers of zulucrypt-gui do not set those permissions in their packaging. (Though, personally, I agree on not having more setuid root executables on a Debian system than absolutely necessary). Also zuluCrypt offers binary built .deb packages of their code on their homepage [1] without shipping a source package alongside. They install those mentioned executables as setuid root. So here we have a binary blob with no directly referenced source, doing filesystem crypto _and_ obtaining root privileges. Sigh... [1] http://mhogomchungu.github.io/zuluCrypt/ Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: veracrypt Source: http://sourceforge.net/projects/truecrypt/ Files: * Copyright: 2003-2011, TrueCrypt Developers Association 2013-2015, IDRIX License: VC Files: src/Common/Apidrvr.h src/Common/Cache.* src/Common/Cmdline.* src/Common/Combo.* src/Common/Crc.* src/Common/Crypto.* src/Common/Dlgcode.* src/Common/Endian.* src/Common/Fat.* src/Common/Format.* src/Common/Password.* src/Common/Pkcs5.* src/Common/Progress.* src/Common/Random.* src/Common/Tcdefs.h src/Common/Tests.* src/Common/Volumes.* src/Core/FatFormatter.cpp src/Driver/Ntdriver.* src/Driver/Ntvol.* src/Format/Tcformat.* src/Mount/Mount.* src/Setup/Dir.* src/Setup/Setup.* src/Setup/Wizard.* Copyright: 1998-2000, Paul Le Roux License: E4M Files: src/Common/GfMul.c src/Common/GfMul.h src/Crypto/Aescrypt.c src/Crypto/Aes.h src/Crypto/Aeskey.c src/Crypto/Aesopt.h src/Crypto/AesSmall.c src/Crypto/AesSmall.h src/Crypto/AesSmall_x86.asm src/Crypto/Aestab.c src/Crypto/Aestab.h src/Crypto/Aes_x64.asm src/Crypto/Aes_x86.asm src/Crypto/Sha2.c src/Crypto/Sha2.h src/Crypto/Twofish.c Copyright: 1998-2007, Brian Gladman, Worcester, UK License: BSD-3-Clause Files: src/Boot/Windows/Decompressor.c Copyright: 2002-2004, Mark Adler License: zlib Files: debian/* Copyright: 2013-2015, Unit 1932016, Mike Gabriel License: BSD-3-Clause License: VC VeraCrypt License . Software distributed under this license is distributed on an "AS IS" BASIS WITHOUT WARRANTIES OF ANY KIND. THE AUTHORS AND DISTRIBUTORS OF THE SOFTWARE DISCLAIM ANY LIABILITY. ANYONE WHO USES, COPIES, MODIFIES, OR (RE)DISTRIBUTES ANY PART OF THE SOFTWARE IS, BY SUCH ACTION(S), ACCEPTING AND AGREEING TO BE BOUND BY ALL TERMS AND CONDITIONS OF THIS LICENSE. IF YOU DO NOT ACCEPT THEM, DO NOT USE, COPY, MODIFY, NOR (RE)DISTRIBUTE THE SOFTWARE, NOR ANY PART(S) THEREOF. . VeraCrypt is governed by the TrueCrypt License version 3.0, a verbatim copy of this version of the TrueCrypt License can be found below. . Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2015 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
On Wed, 17 Feb 2016 11:39:00 + Mike Gabriel wrote: [...] > (taking debian-edu-pkg-team @ Alioth into the discussion loop, as that > would be the maintainer team for VeraCrypt in Debian) OK, fine. > > On Mi 17 Feb 2016 00:17:28 CET, Francesco Poli wrote: > > > On Wed, 10 Feb 2016 18:07:48 +0100 Mike Gabriel wrote: > > > > [...] > >> 1. > >> Is VeraCrypt suitable for the non-free section of Debian? > > > > I am not sure: the TC-3.0 license is still fairly unclear (at least > > to my eyes), so I cannot really speculate on its possible > > implications... > > Hmmm... ok. I think the ftpmasters would be glad about some guidance > on why you see veracrypt (not the TC 3.0 license, see below) unfit for > Debian non-free. I have already uploaded VeraCrypt to Debian > NEW/non-free and it is waiting approval/rejection from an ftpmaster. I didn't say that veracrypt is clearly unfit for the non-free archive. I said that the TC-3.0 license is unclear, and that I am consequently not sure about the possibility to distribute a package including code under such a license (even in the non-free archive). I hope I clarified what I meant. > > Also, it'd be interesting if the upstream people of VeraCrypt can > apply any change(s) to the upstream sources, their VeraCrypt license > or whatever, to make the software fit at least for Debian non-free. If VeraCrypt upstream developers (IDRIX, I suppose) are in good terms with the copyright holders for the Truecrypt version they forked from (TrueCrypt Developers Association, I suppose) and can persuade them to agree to a re-licensing of the code-base, the outcome could be definitely interesting. Everything re-licensed under the terms of the 3-clause-BSD license would be a huge win for everyone, since it would mean the possibility to upload veracrypt to Debian main (assuming no other showstopper comes up). [...] > >> 3. > >> The new upstream maintainer also states that all novelties of the code > >> are licensed under the Apache-2.0 license, but as long as any line from > >> the original code sticks out, the licensing of the code is governed by > >> the original Truecrypt 3.0 license, right? > > [...] > > > > Then I am not sure I understand why the debian/copyright file draft > > you sent states > > Files: * > > Copyright: 2003-2011, TrueCrypt Developers Association > > 2013-2014, IDRIX > > License: TC-3.0 or Ms-PL > > > > What's Ms-PL ? Shouldn't it be Apache-2.0 ? > > Moreover, "or" means dual-licensing, but I understand this to be a > > code-mixing case: I think "and" should be used instead. > > > > See > > https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ > > for more details. > > Oh, I am sorry. With this mail, I have attached the latest > debian/copyright file as I have it now after having it reworked two > days ago. I should have sent an updated copy to debian-legal > immediately. Sorry for that. Mmmmh, I cannot see any attachment. Was it forgotten or lost somehow? > > As it seems, the VeraCrypt upstream people have come up with a new > license, the VeraCrypt license. See attached copyright file for details. Please send the updated debian/copyright file... [...] > > Anyway, without looking at any further details, a question arises: > > why are you packaging veracrypt for the non-free archive? what does > > it offer that tcplay doesn't? > > > > See > > https://packages.debian.org/sid/tcplay > > https://tracker.debian.org/pkg/tcplay > > I have checked tcplay and also zulucrypt-gui again. We provide > veracrypt to teachers / students at school that come from the Windows > realm mainly. For them, it is essential to recognize some pieces of > software on our Linux environment that they have become so used to on > their Windows machines. VeraCrypt (for formerly TrueCrypt) is such an > application. Teachers here in Germany have to encrypt all personal > data that they carry around, so they need _one_ cross platform tool > for that. I'd be happy to provide that piece of software to other > people in Debian (Edu). > > Working on the command line (tcplay) is not an option for the > teachers, we support here. Then I hope someone will develop a GUI front-end for tcplay, if it is so important for at least one category of users... > And personally, I just tried out > zulucrypt-gui the second time and I could not get it running as > non-root. This is probably possible, I did not spend much time on > this, but honestly, I prefer a solution that works right away. Also > ZuluCrypt feels a little nerdy, not so user friendly as VeraCrypt > currently is. Mmmmh, I see. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpZH9zK7itgB.pgp Description: PGP signature
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
Hi again, On Mi 17 Feb 2016 12:39:00 CET, Mike Gabriel wrote: I have checked tcplay and also zulucrypt-gui again. We provide veracrypt to teachers / students at school that come from the Windows realm mainly. For them, it is essential to recognize some pieces of software on our Linux environment that they have become so used to on their Windows machines. VeraCrypt (for formerly TrueCrypt) is such an application. Teachers here in Germany have to encrypt all personal data that they carry around, so they need _one_ cross platform tool for that. I'd be happy to provide that piece of software to other people in Debian (Edu). Working on the command line (tcplay) is not an option for the teachers, we support here. And personally, I just tried out zulucrypt-gui the second time and I could not get it running as non-root. This is probably possible, I did not spend much time on this, but honestly, I prefer a solution that works right away. Also ZuluCrypt feels a little nerdy, not so user friendly as VeraCrypt currently is. just a short follow up, why I want to see VeraCrypt installable from Debian: The current upstream maintainers offer binary blobs of VeraCrypt for installation on Linux, also Debian. With the binary builds, I see the issue that no exact sources of the builds are available. The builds probably have been derived from the upstream Git or source release tarballs, but who knows. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de pgptkfIS8b4LP.pgp Description: Digitale PGP-Signatur
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
Hi Francesco, (taking debian-edu-pkg-team @ Alioth into the discussion loop, as that would be the maintainer team for VeraCrypt in Debian) On Mi 17 Feb 2016 00:17:28 CET, Francesco Poli wrote: On Wed, 10 Feb 2016 18:07:48 +0100 Mike Gabriel wrote: [...] 1. Is VeraCrypt suitable for the non-free section of Debian? I am not sure: the TC-3.0 license is still fairly unclear (at least to my eyes), so I cannot really speculate on its possible implications... Hmmm... ok. I think the ftpmasters would be glad about some guidance on why you see veracrypt (not the TC 3.0 license, see below) unfit for Debian non-free. I have already uploaded VeraCrypt to Debian NEW/non-free and it is waiting approval/rejection from an ftpmaster. Also, it'd be interesting if the upstream people of VeraCrypt can apply any change(s) to the upstream sources, their VeraCrypt license or whatever, to make the software fit at least for Debian non-free. . 2. I suppose VeraCrypt is not suitable for the main section of Debian as the TC-3.0 license is not DFSG-compliant. I suppose this has not changed for VeraCrypt, compared to TrueCrypt, right? Personally, I think this package should stay away from Debian main. As I said, I am not even sure it is safe to be distributed in the non-free archive. Ok, I fully agree for the veracrypt license construct not being suitable for Debian main. . 3. The new upstream maintainer also states that all novelties of the code are licensed under the Apache-2.0 license, but as long as any line from the original code sticks out, the licensing of the code is governed by the original Truecrypt 3.0 license, right? [...] Then I am not sure I understand why the debian/copyright file draft you sent states Files: * Copyright: 2003-2011, TrueCrypt Developers Association 2013-2014, IDRIX License: TC-3.0 or Ms-PL What's Ms-PL ? Shouldn't it be Apache-2.0 ? Moreover, "or" means dual-licensing, but I understand this to be a code-mixing case: I think "and" should be used instead. See https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for more details. Oh, I am sorry. With this mail, I have attached the latest debian/copyright file as I have it now after having it reworked two days ago. I should have sent an updated copy to debian-legal immediately. Sorry for that. As it seems, the VeraCrypt upstream people have come up with a new license, the VeraCrypt license. See attached copyright file for details. My proposed Debian package is also available online [1], you may want to grab the .dsc file and check the upstream files, as well. [1] http://packages.sunweavers.net/debian/pool/non-free/v/veracrypt/ Anyway, without looking at any further details, a question arises: why are you packaging veracrypt for the non-free archive? what does it offer that tcplay doesn't? See https://packages.debian.org/sid/tcplay https://tracker.debian.org/pkg/tcplay I have checked tcplay and also zulucrypt-gui again. We provide veracrypt to teachers / students at school that come from the Windows realm mainly. For them, it is essential to recognize some pieces of software on our Linux environment that they have become so used to on their Windows machines. VeraCrypt (for formerly TrueCrypt) is such an application. Teachers here in Germany have to encrypt all personal data that they carry around, so they need _one_ cross platform tool for that. I'd be happy to provide that piece of software to other people in Debian (Edu). Working on the command line (tcplay) is not an option for the teachers, we support here. And personally, I just tried out zulucrypt-gui the second time and I could not get it running as non-root. This is probably possible, I did not spend much time on this, but honestly, I prefer a solution that works right away. Also ZuluCrypt feels a little nerdy, not so user friendly as VeraCrypt currently is. Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de pgpJVjP1Cgyo_.pgp Description: Digitale PGP-Signatur
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
On Wed, 10 Feb 2016 18:07:48 +0100 Mike Gabriel wrote: [...] > 1. > Is VeraCrypt suitable for the non-free section of Debian? I am not sure: the TC-3.0 license is still fairly unclear (at least to my eyes), so I cannot really speculate on its possible implications... > . > 2. > I suppose VeraCrypt is not suitable for the main section of Debian > as the TC-3.0 license is not DFSG-compliant. I suppose > this has not changed for VeraCrypt, compared to TrueCrypt, right? Personally, I think this package should stay away from Debian main. As I said, I am not even sure it is safe to be distributed in the non-free archive. > . > 3. > The new upstream maintainer also states that all novelties of the code > are licensed under the Apache-2.0 license, but as long as any line from > the original code sticks out, the licensing of the code is governed by > the original Truecrypt 3.0 license, right? [...] Then I am not sure I understand why the debian/copyright file draft you sent states Files: * Copyright: 2003-2011, TrueCrypt Developers Association 2013-2014, IDRIX License: TC-3.0 or Ms-PL What's Ms-PL ? Shouldn't it be Apache-2.0 ? Moreover, "or" means dual-licensing, but I understand this to be a code-mixing case: I think "and" should be used instead. See https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for more details. Anyway, without looking at any further details, a question arises: why are you packaging veracrypt for the non-free archive? what does it offer that tcplay doesn't? See https://packages.debian.org/sid/tcplay https://tracker.debian.org/pkg/tcplay I hope this helps a little. Bye. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgp9irrr9xyGm.pgp Description: PGP signature
Bug#814352: ITP: veracrypt -- Cross-platform on-the-fly encryption
Package: wnpp Severity: wishlist Owner: Mike Gabriel* Package name: veracrypt Version : 1.16 Upstream Author : Mounir IDRASSI * URL : https://launchpad.net/veracrypt * License : TC-3.0 or Ms-PL, E4M, BSD-3-clause, zlib Programming Lang: C++ Description : Cross-platform on-the-fly encryption VeraCrypt provides cross-platform on-the-fly encryption for Linux, MacOS X and Windows. It can encrypt filesystems stored either within a file or on disk partitions. Supported encryption algorithms include AES, Serpent and Twofish. The current version uses the XTS mode of disk encryption. In addition, VeraCrypt supports "hidden volumes" - unidentifiable volumes present in the free-space of a VeraCrypt volume. . Veracrypt has been forked from Truecrypt 7.1a and I am aware of previous discussion about the non-free character of the license. [1] . With this ITP, I have also CC:ed the debian-legal mailing list. Question at experts from the debian-legal mailing list: . TL;DR; I would like to bring VeraCrypt into the non-free part of the Debian repo to offer VeraCrypt to people in need of easy and GUI based encryption, suitable for cross-platform usage. Does the current license situation allow that? . Details / Questions: . 1. Is VeraCrypt suitable for the non-free section of Debian? . 2. I suppose VeraCrypt is not suitable for the main section of Debian as the TC-3.0 license is not DFSG-compliant. I suppose this has not changed for VeraCrypt, compared to TrueCrypt, right? . 3. The new upstream maintainer also states that all novelties of the code are licensed under the Apache-2.0 license, but as long as any line from the original code sticks out, the licensing of the code is governed by the original Truecrypt 3.0 license, right? [1] https://bugs.debian.org/364034 Example of the new license headers in VeraCrypt: """ /* Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2015 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ """ If acceptable, the veracrypt package will be maintained under the umbrella of the Debian Edu Packaging Team. Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: veracrypt Source: http://sourceforge.net/projects/truecrypt/ Files: * Copyright: 2003-2011, TrueCrypt Developers Association 2013-2014, IDRIX License: TC-3.0 or Ms-PL Files: src/Common/Apidrvr.h src/Common/Cache.* src/Common/Cmdline.* src/Common/Combo.* src/Common/Crc.* src/Common/Crypto.* src/Common/Dlgcode.* src/Common/Endian.* src/Common/Fat.* src/Common/Format.* src/Common/Password.* src/Common/Pkcs5.* src/Common/Progress.* src/Common/Random.* src/Common/Tcdefs.h src/Common/Tests.* src/Common/Volumes.* src/Core/FatFormatter.cpp src/Driver/Ntdriver.* src/Driver/Ntvol.* src/Format/Tcformat.* src/Mount/Mount.* src/Setup/Dir.* src/Setup/Setup.* src/Setup/Wizard.* Copyright: 1998-2000, Paul Le Roux License: E4M Files: src/Common/GfMul.c src/Common/GfMul.h src/Crypto/Aescrypt.c src/Crypto/Aes.h src/Crypto/Aeskey.c src/Crypto/Aesopt.h src/Crypto/AesSmall.c src/Crypto/AesSmall.h src/Crypto/AesSmall_x86.asm src/Crypto/Aestab.c src/Crypto/Aestab.h src/Crypto/Aes_x64.asm src/Crypto/Aes_x86.asm src/Crypto/Sha2.c src/Crypto/Sha2.h src/Crypto/Twofish.c Copyright: 1998-2007, Brian Gladman, Worcester, UK License: BSD-3-Clause Files: src/Boot/Windows/Decompressor.c Copyright: 2002-2004, Mark Adler License: zlib Files: debian/* Copyright: 2013-2015, Unit 193 License: BSD-3-Clause License: TC-3.0 TrueCrypt License Version 3.0 . Software distributed under this license is distributed on an "AS IS" BASIS WITHOUT WARRANTIES OF ANY KIND. THE AUTHORS AND DISTRIBUTORS OF THE SOFTWARE DISCLAIM ANY LIABILITY. ANYONE WHO USES, COPIES, MODIFIES, OR (RE)DISTRIBUTES ANY PART OF THE SOFTWARE IS, BY SUCH ACTION(S), ACCEPTING AND AGREEING TO BE BOUND BY ALL TERMS AND CONDITIONS OF THIS LICENSE. IF YOU DO NOT ACCEPT THEM, DO NOT USE, COPY, MODIFY, NOR (RE)DISTRIBUTE THE SOFTWARE, NOR ANY PART(S) THEREOF. . I. Definitions . 1. "This Product" means the work (including, but not limited to, source code, graphics, texts, and accompanying files) made available under and