On Sat, 12 Jan 2008 20:27:57 +0100 Francesco Poli wrote:
[...]
The plain text version of the licence may be found at
http://www.truecrypt.org/docs/License.txt
and is pasted below in its entirety.
My comments follow.
As usual I would like to draw your attention on my disclaimers, that is
to say: IANAL, TINLA, IANADD, TINASOTODP.
[...]
TrueCrypt License Version 2.3
I. Definitions
[...]
4. Your Product means This Product modified by You, any work You derive from
(or base on) This Product, any work in which You include This Product, or any
respective part(s) thereof.
Does this mean that a mere aggregation (of the Product and other
unrelated works) counts as Your Product?
Does this broad definition interfere with DFSG#9?
[...]
III. Terms and Conditions for Modification and Derivation of New Products
[...]
a. The name of Your Product (or of Your modified version of This Product)
must not contain the name TrueCrypt (for example, the following names are
not allowed: TrueCrypt, TrueCrypt+, TrueCrypt Professional, iTrueCrypt,
etc.) nor any of its variations that can be easily confused with the name
TrueCrypt (e.g., True-Crypt, True Crypt, TrueKrypt, TruCrypt, etc.)
I've argued several times in the past against this kind of broad
restrictions. I think they go beyond what is permitted (as a
compromise!) by DFSG#4.
See, for instance:
http://lists.debian.org/debian-legal/2007/11/msg4.html
http://lists.debian.org/debian-legal/2006/04/msg00181.html
[...]
All graphics files showing any TrueCrypt logo (including the non-textual
logo consisting primarily of a key in stylized form) must be removed from
Your Product (or from Your modified version of This Product) and from any
associated materials. Logo(s) included in (or attached to) Your Product
(or in/to associated materials) must not incorporate and must not be
confusingly similar to any of the TrueCrypt logos or portion(s) thereof.
If these graphics files are unmodifiable and undistributable in
modified versions of the work, I think they are non-free and must be
removed from a Debian package, as long as this package can otherwise be
uploaded to the main archive (that is to say, as long as the other
showstoppers are solved).
b. The following phrases must be removed from Your Product and from any
associated materials:
A TrueCrypt Foundation Release
Released by TrueCrypt Foundation
This is a TrueCrypt Foundation release.
Like the above-mentioned Logos, these sentences deserve a similar
treatment.
c. Phrase Based on TrueCrypt, freely available at
http://www.truecrypt.org/; must be displayed by Your Product (if
technically feasible) and contained in its documentation. Alternatively,
if
This Product or its portion You included in Your Product comprises only a
minor portion of Your Product, phrase Portions of this product are based
in part on TrueCrypt, freely available at http://www.truecrypt.org/; may
be
displayed instead. In each of the cases mentioned above in this paragraph,
http://www.truecrypt.org/; must be a hyperlink (if technically feasible)
pointing to http://www.truecrypt.org/ and you may freely choose the
location within the user interface (if there is any) of Your Product
(e.g.,
an About window, etc.) and the way in which Your Product will display
the
respective phrase.
This is obnoxious, because it imposes an exact phrase to be included in
the modified work. I think it's even worse than GPLv3#5d: it is very
close to fail DFSG#3, if not already failing.
[...]
IV. Disclaimer of Warranties and Liabilities; Indemnification
[...]
4. You shall indemnify, defend and hold all (co)authors of This Product, their
agents and associates, and applicable copyright/trademark owners, harmless
from/against any liability, loss, expense, damages, claims or causes of
action,
arising out of Your use, inability to use, reproduction, (re)distribution,
import and/or (re)export of This Product (or portions thereof) and/or Your
breach of any term of this License.
Warning! Indemnification clause: is it acceptable? It smells as
non-free...
[...]
VI. General Terms
1. You may not use, modify, reproduce, derive from, (re)distribute, or
sublicense This Product, or portion(s) thereof, except as expressly provided
under this License. Any attempt (even if permitted by applicable law)
otherwise
to use, modify, reproduce, derive from, (re)distribute, or sublicense This
Product, or portion(s) thereof, automatically and immediately terminates Your
rights under this License.
This is non-free, as explained by Ken Arromdee in
http://lists.debian.org/debian-legal/2008/01/msg00132.html
[...]
This is an independent implementation of the encryption algorithm:
Twofish by Bruce Schneier and colleagues
which is a candidate