Re: TrueCrypt License 2.3
With TrueCrypt 5.x comes the new License version 2.4: TrueCrypt License Version 2.4 I. Definitions 1. This Product means the work (including, but not limited to, source code, graphics, texts, and accompanying files) made available under and governed by this version of this license (License), as may be indicated by, but is not limited to, copyright notice(s) attached to or included in the work. 2. You means (and Your refers to) an individual or a legal entity (e.g., a non-profit organization, commercial organization, government agency, etc.) exercising permissions granted by this License. 3. Modification means (and modify refers to) any alteration of This Product, including, but not limited to, addition to or deletion from the substance or structure of This Product, and translation into another language. 4. Your Product means This Product modified by You, any work You derive from (or base on) This Product, any work in which You include This Product, or any respective part(s) thereof. 5. Distribution means (and distribute refers to), regardless of means or methods, conveyance, transfer, providing, or making available of This/Your Product or portions thereof to third parties (including, but not limited to, making This/Your Product, or portions thereof, available for download to third parties, whether or not any third party has downloaded the product, or any portion thereof, made available for download). II. Terms and Conditions for Use, Copying, and Distribution 1. You may copy and/or distribute This Product, provided that You do not modify This Product (for terms and conditions for copying and distribution of modified versions of This Product, see Chapter III) and provided that You do not include This Product in another product (except as permitted under Chapter III), and provided that You ensure that all the legal notices and documents (containing, e.g., the text of this License, references to this License, etc.) included with This Product are included with every copy of This Product that You make and distribute, and provided that You comply with all other applicable terms and conditions of this License. 2. Provided that You comply with all applicable terms and conditions of this License, You may use This Product freely (see also Chapter III) on any number of computers/systems for non-commercial and/or commercial purposes. III. Terms and Conditions for Modification and Derivation of New Products 1. If all conditions specified in the following paragraphs in this Chapter (III) are met (for exceptions, see Sections III.2 and III.3) and if You comply with all other applicable terms and conditions of this License, You may modify This Product (thus forming Your Product), derive new works from This Product or portions thereof (thus forming Your Product), include This Product or portions thereof in another product (thus forming Your Product), and You may copy and/or distribute Your Product. a. The name of Your Product (or of Your modified version of This Product) must not contain the name TrueCrypt (for example, the following names are not allowed: TrueCrypt, TrueCrypt+, TrueCrypt Professional, iTrueCrypt, etc.) nor any other names confusingly similar to the name TrueCrypt (e.g., True-Crypt, True Crypt, TruKrypt, etc.) Note: TrueCrypt and the TrueCrypt logos are trademarks of the TrueCrypt Foundation. The goal is not to monetize the name or the product, but to protect the reputation of TrueCrypt, and to prevent support issues and other kinds of issues that might arise from the existence of similar products with the same or similar name. Even though TrueCrypt and the TrueCrypt logos are trademarks, TrueCrypt is and will remain open-source and free software. All occurrences of the name TrueCrypt that could reasonably be considered to identify Your Product must be removed from Your Product and from any associated materials. Logo(s) included in (or attached to) Your Product (and in/to associated materials) must not incorporate and must not be confusingly similar to any of the TrueCrypt logos (including the non-textual logo consisting primarily of a key in stylized form) or portion(s) thereof. All graphics contained in This Product (logos, icons, etc.) must be removed from Your Product (or from Your modified version of This Product) and from any associated materials. b. The following phrases must be removed from Your Product and from any associated materials, except the text of this License: A TrueCrypt Foundation Release, Released by TrueCrypt Foundation, This is a TrueCrypt Foundation release. c. Phrase Based on TrueCrypt, freely available at http://www.truecrypt.org/; must be displayed by Your Product (if technically feasible) and contained in its documentation. Alternatively, if This Product or its portion You included in Your Product constitutes only a minor portion of Your
Re: TrueCrypt License 2.3
On Jan 28, 2008 12:05 AM, MJ Ray [EMAIL PROTECTED] wrote: If we have named Firefux the modified version of Firefox, I doubt the Mozilla foundation would have let that pass. There's various other reasons for that and it wouldn't have been covered by a prohibition on calling it Firefox or something easily confused with Firefox. (How often do people use the other f-word to mean a fox?) Trade marks protect against use not only of identical marks, but also of similar marks where there is a risk of confusion. So Firefux would almost certainly infringe Mozilla's trade mark rights in Firefox. But I appreciate that in this specific case there was a lot more going on, with copyright aspects as well. John (TINLA) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
John Halton [EMAIL PROTECTED] wrote: On Jan 28, 2008 12:05 AM, MJ Ray [EMAIL PROTECTED] wrote: If we have named Firefux the modified version of Firefox, I doubt the Mozilla foundation would have let that pass. There's various other reasons for that and it wouldn't have been covered by a prohibition on calling it Firefox or something easily confused with Firefox. (How often do people use the other f-word to mean a fox?) Trade marks protect against use not only of identical marks, but also of similar marks where there is a risk of confusion. So Firefux would almost certainly infringe Mozilla's trade mark rights in Firefox. Indeed! But it would not have been covered by a TrueCrypt-like naming clause in the *copyright* licence! That's the point I was trying to make: there's more (and less) to trademarks than just simple naming. Copyrights are not trademarks and using one to do the other's job is often messy, like hammering in screws. Some stuff that shouldn't be covered will be, while letting others escape. Hope that explains, -- MJR/slef My Opinion Only: see http://people.debian.org/~mjr/ Please follow http://www.uk.debian.org/MailingLists/#codeofconduct -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
Josselin Mouette [EMAIL PROTECTED] wrote: Le mercredi 16 janvier 2008 =C3=A0 14:55 +, MJ Ray a =C3=A9crit : Where? The naming rights asserted above seem much broader than what a trademark allows. Trademarks have many limitations. If we have named Firefux the modified version of Firefox, I doubt the Mozilla foundation would have let that pass. There's various other reasons for that and it wouldn't have been covered by a prohibition on calling it Firefox or something easily confused with Firefox. (How often do people use the other f-word to mean a fox?) [...] Does it matter whether it is non-free only for France or only for the US? Doesn't that mere difference make it fail DFSG 5? I don=E2=80=99t think so. The fact that it doesn=E2=80=99t grant some of th= e rights that are usually applicable in the US but not somewhere else doesn=E2=80=99t mak= e the license in itself non-free. [...] The licence isn't just not granting rights - it's requiring users to abandon some rights they hold. Seems like a cost to me. [...] They're also unnecessarily you-you-you. Did Francesco Poli run over Josselin Mouette's cat? Huh? Who=E2=80=99s trying to make things personal? Josselin Mouette, it seemed. Regards, -- MJ Ray http://mjr.towers.org.uk/email.html tel:+44-844-4437-237 - Webmaster-developer, statistician, sysadmin, online shop builder, consumer and workers co-operative member http://www.ttllp.co.uk/ - Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
Hi all people, I new on this list and I am also interesting in this problem with the license of TrueCrypt. Maybe it can help to know that in Mandriva distribution, somebody has packed TrueCrypt with another name: RealCrypt and it has made it available in their contrib/backports repositories. http://club.mandriva.com/xwiki/bin/view/dvalin/RealCrypt Is this a really legal fork? I am not lawyer and I do not know the legal policies of this distribution but I ask if it could be a trail. Thanks for your attention. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
Le mercredi 16 janvier 2008 à 14:55 +, MJ Ray a écrit : We have allowed exactly the same conditions by using software with trademarked names. Where? The naming rights asserted above seem much broader than what a trademark allows. Trademarks have many limitations. If we have named Firefux the modified version of Firefox, I doubt the Mozilla foundation would have let that pass. In fact, upstream is wrong for putting such restrictions in the license itself instead of the trademark policy, but the net effect is exactly the same as that of the Firefox trademark. Didn't we have to change the name to avoid the Firefox trademark+copyright combo-knockout? Indeed, but not all upstreams have such stupid trademark licensing schemes. See Apache for a good example. 1. You may not use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, except as expressly provided under this License. [...] This is non-free, as explained by Ken Arromdee in http://lists.debian.org/debian-legal/2008/01/msg00132.html Please get out of your US-centric world. Does it matter whether it is non-free only for France or only for the US? Doesn't that mere difference make it fail DFSG 5? I don’t think so. The fact that it doesn’t grant some of the rights that are usually applicable in the US but not somewhere else doesn’t make the license in itself non-free. It has been argued several times that DFSG#5 is here to make the software free for everyone. If it is more free for some groups of persons than for others, good for them. For a similar example, the GPL with an additional permission for snowboarders to integrate the software in their proprietary developments would not fail the test. I've not studied the liability debate here, but none of the above responses seem to have merit. They're also unnecessarily you-you-you. Did Francesco Poli run over Josselin Mouette's cat? Huh? Who’s trying to make things personal? -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `-our own. Resistance is futile. signature.asc Description: Ceci est une partie de message numériquement signée
Re: TrueCrypt License 2.3
Le lundi 14 janvier 2008 à 22:50 +0100, Francesco Poli a écrit : a. The name of Your Product (or of Your modified version of This Product) must not contain the name TrueCrypt (for example, the following names are not allowed: TrueCrypt, TrueCrypt+, TrueCrypt Professional, iTrueCrypt, etc.) nor any of its variations that can be easily confused with the name TrueCrypt (e.g., True-Crypt, True Crypt, TrueKrypt, TruCrypt, etc.) I've argued several times in the past against this kind of broad restrictions. I think they go beyond what is permitted (as a compromise!) by DFSG#4. We have allowed exactly the same conditions by using software with trademarked names. In fact, upstream is wrong for putting such restrictions in the license itself instead of the trademark policy, but the net effect is exactly the same as that of the Firefox trademark. See, for instance: http://lists.debian.org/debian-legal/2007/11/msg4.html http://lists.debian.org/debian-legal/2006/04/msg00181.html Using yourself as a reference? Warning! Indemnification clause: is it acceptable? It smells as non-free... Just have a look at the postfix license. [...] VI. General Terms 1. You may not use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, except as expressly provided under this License. Any attempt (even if permitted by applicable law) otherwise to use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, automatically and immediately terminates Your rights under this License. This is non-free, as explained by Ken Arromdee in http://lists.debian.org/debian-legal/2008/01/msg00132.html Please get out of your US-centric world. -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `-our own. Resistance is futile. signature.asc Description: Ceci est une partie de message numériquement signée
Re: TrueCrypt License 2.3
Josselin Mouette [EMAIL PROTECTED] wrote: Le lundi 14 janvier 2008 =E0 22:50 +0100, Francesco Poli a =E9crit : a. The name of Your Product (or of Your modified version of This Pr= oduct) must not contain the name TrueCrypt (for example, the following nam= es are not allowed: TrueCrypt, TrueCrypt+, TrueCrypt Professional, iTrueCr= ypt, etc.) nor any of its variations that can be easily confused with th= e name TrueCrypt (e.g., True-Crypt, True Crypt, TrueKrypt, TruCrypt, etc.) =20 I've argued several times in the past against this kind of broad restrictions. I think they go beyond what is permitted (as a compromise!) by DFSG#4. We have allowed exactly the same conditions by using software with trademarked names. Where? The naming rights asserted above seem much broader than what a trademark allows. Trademarks have many limitations. In fact, upstream is wrong for putting such restrictions in the license itself instead of the trademark policy, but the net effect is exactly the same as that of the Firefox trademark. Didn't we have to change the name to avoid the Firefox trademark+copyright combo-knockout? See, for instance: http://lists.debian.org/debian-legal/2007/11/msg4.html http://lists.debian.org/debian-legal/2006/04/msg00181.html Using yourself as a reference? That seems fine as a reference for 'I've argued...' [...] VI. General Terms 1. You may not use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, except as expressly provided under this License. [...] This is non-free, as explained by Ken Arromdee in http://lists.debian.org/debian-legal/2008/01/msg00132.html Please get out of your US-centric world. Does it matter whether it is non-free only for France or only for the US? Doesn't that mere difference make it fail DFSG 5? I've not studied the liability debate here, but none of the above responses seem to have merit. They're also unnecessarily you-you-you. Did Francesco Poli run over Josselin Mouette's cat? Puzzled, -- MJR/slef My Opinion Only: see http://people.debian.org/~mjr/ Please follow http://www.uk.debian.org/MailingLists/#codeofconduct -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
On Wed, 16 Jan 2008 10:15:49 +0100 Josselin Mouette wrote: Le lundi 14 janvier 2008 à 22:50 +0100, Francesco Poli a écrit : a. The name of Your Product (or of Your modified version of This Product) must not contain the name TrueCrypt (for example, the following names are not allowed: TrueCrypt, TrueCrypt+, TrueCrypt Professional, iTrueCrypt, etc.) nor any of its variations that can be easily confused with the name TrueCrypt (e.g., True-Crypt, True Crypt, TrueKrypt, TruCrypt, etc.) I've argued several times in the past against this kind of broad restrictions. I think they go beyond what is permitted (as a compromise!) by DFSG#4. We have allowed exactly the same conditions by using software with trademarked names. In fact, upstream is wrong for putting such restrictions in the license itself instead of the trademark policy, but the net effect is exactly the same as that of the Firefox trademark. I don't think the effect is exactly the same. For starters, if the renaming restrictions are placed in the copyright license, they become conditions for getting copyright permissions. AFAICT, when they are trademark policy rules, they don't interfere with copyright. Moreover, trademark laws differ across jurisdictions: as a consequence, in some jurisdictions, I might have some trademark-related rights independently from my compliance with a trademark-owner-imposed policy. This does not hold when those policy rules are phrased as conditions for getting copyright permissions. See, for instance: http://lists.debian.org/debian-legal/2007/11/msg4.html http://lists.debian.org/debian-legal/2006/04/msg00181.html Using yourself as a reference? Just citing my previous arguments, rather than repeating them in full (which would seem to be a waste of net resources). Warning! Indemnification clause: is it acceptable? It smells as non-free... Just have a look at the postfix license. First off, I don't like the IBM Public License version 1.0, but that's another story... Anyway, the IBM Public License indemnification clause seems to be less broad in scope: it applies only to commercial distributors and explicitly excludes losses relating to any actual or alleged intellectual property infringement, for instance. [...] VI. General Terms 1. You may not use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, except as expressly provided under this License. Any attempt (even if permitted by applicable law) otherwise to use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, automatically and immediately terminates Your rights under this License. This is non-free, as explained by Ken Arromdee in http://lists.debian.org/debian-legal/2008/01/msg00132.html Please get out of your US-centric world. Wait, are you accusing an Italian guy of being US-centric? That's kinda weird... :-| Anyway, IMHO, there's nothing US-centric in my (or Ken Arromdee's) line of reasoning. The clause talks about applicable law and says that, if you exercise any right granted by applicable law, but not by the license, then you lose any rights granted by the license. Fair use is just a (US-centric) example of such law-granted rights. Fair dealing would be a UK-centric example. Eccezioni e limitazioni (della legge sul diritto d'autore) would be an Italian-centric example. And so forth... Same old disclaimers: IANAL, TINLA, IANADD, TINASOTODP. -- http://frx.netsons.org/progs/scripts/refresh-pubring.html New! Version 0.6 available! What? See for yourself! . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpfZ8N6khyZM.pgp Description: PGP signature
Re: TrueCrypt License 2.3
Ken Arromdee [EMAIL PROTECTED] wrote: Of course, the clause doesn't keep you from performing fair use. It can't. Aside: note that there is no global standard for what level of 'fair use' is permitted and so it cannot be relied on. [...] This should, however, make the program non-free. A payment of not exercising fair use rights is no more DFSG-free than a payment of cash. FWIW, I agree. This bundle of licenses could do with simplifying, too. Regards, -- MJR/slef My Opinion Only: see http://people.debian.org/~mjr/ Please follow http://www.uk.debian.org/MailingLists/#codeofconduct -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
Francesco Poli [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [...] IV. Disclaimer of Warranties and Liabilities; Indemnification [...] 4. You shall indemnify, defend and hold all (co)authors of This Product, their agents and associates, and applicable copyright/trademark owners, harmless from/against any liability, loss, expense, damages, claims or causes of action, arising out of Your use, inability to use, reproduction, (re)distribution, import and/or (re)export of This Product (or portions thereof) and/or Your breach of any term of this License. Warning! Indemnification clause: is it acceptable? It smells as non-free... Ok. Lets look closely at this. In most of those cases, I cannot see any valid reason for anybody (except perhaps myself) to sue the company for those actions. Without knowing exactly what sort of things the company could be liable for based on my actions, and thus what type of liability I am indemifying them from, I cannot make any sort of freeness judment on this part of the licence. Could somebody give examples of what sort of liabilty for them could result from my perfroming the listed actions? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
On Sat, 12 Jan 2008 20:27:57 +0100 Francesco Poli wrote: [...] The plain text version of the licence may be found at http://www.truecrypt.org/docs/License.txt and is pasted below in its entirety. My comments follow. As usual I would like to draw your attention on my disclaimers, that is to say: IANAL, TINLA, IANADD, TINASOTODP. [...] TrueCrypt License Version 2.3 I. Definitions [...] 4. Your Product means This Product modified by You, any work You derive from (or base on) This Product, any work in which You include This Product, or any respective part(s) thereof. Does this mean that a mere aggregation (of the Product and other unrelated works) counts as Your Product? Does this broad definition interfere with DFSG#9? [...] III. Terms and Conditions for Modification and Derivation of New Products [...] a. The name of Your Product (or of Your modified version of This Product) must not contain the name TrueCrypt (for example, the following names are not allowed: TrueCrypt, TrueCrypt+, TrueCrypt Professional, iTrueCrypt, etc.) nor any of its variations that can be easily confused with the name TrueCrypt (e.g., True-Crypt, True Crypt, TrueKrypt, TruCrypt, etc.) I've argued several times in the past against this kind of broad restrictions. I think they go beyond what is permitted (as a compromise!) by DFSG#4. See, for instance: http://lists.debian.org/debian-legal/2007/11/msg4.html http://lists.debian.org/debian-legal/2006/04/msg00181.html [...] All graphics files showing any TrueCrypt logo (including the non-textual logo consisting primarily of a key in stylized form) must be removed from Your Product (or from Your modified version of This Product) and from any associated materials. Logo(s) included in (or attached to) Your Product (or in/to associated materials) must not incorporate and must not be confusingly similar to any of the TrueCrypt logos or portion(s) thereof. If these graphics files are unmodifiable and undistributable in modified versions of the work, I think they are non-free and must be removed from a Debian package, as long as this package can otherwise be uploaded to the main archive (that is to say, as long as the other showstoppers are solved). b. The following phrases must be removed from Your Product and from any associated materials: A TrueCrypt Foundation Release Released by TrueCrypt Foundation This is a TrueCrypt Foundation release. Like the above-mentioned Logos, these sentences deserve a similar treatment. c. Phrase Based on TrueCrypt, freely available at http://www.truecrypt.org/; must be displayed by Your Product (if technically feasible) and contained in its documentation. Alternatively, if This Product or its portion You included in Your Product comprises only a minor portion of Your Product, phrase Portions of this product are based in part on TrueCrypt, freely available at http://www.truecrypt.org/; may be displayed instead. In each of the cases mentioned above in this paragraph, http://www.truecrypt.org/; must be a hyperlink (if technically feasible) pointing to http://www.truecrypt.org/ and you may freely choose the location within the user interface (if there is any) of Your Product (e.g., an About window, etc.) and the way in which Your Product will display the respective phrase. This is obnoxious, because it imposes an exact phrase to be included in the modified work. I think it's even worse than GPLv3#5d: it is very close to fail DFSG#3, if not already failing. [...] IV. Disclaimer of Warranties and Liabilities; Indemnification [...] 4. You shall indemnify, defend and hold all (co)authors of This Product, their agents and associates, and applicable copyright/trademark owners, harmless from/against any liability, loss, expense, damages, claims or causes of action, arising out of Your use, inability to use, reproduction, (re)distribution, import and/or (re)export of This Product (or portions thereof) and/or Your breach of any term of this License. Warning! Indemnification clause: is it acceptable? It smells as non-free... [...] VI. General Terms 1. You may not use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, except as expressly provided under this License. Any attempt (even if permitted by applicable law) otherwise to use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, automatically and immediately terminates Your rights under this License. This is non-free, as explained by Ken Arromdee in http://lists.debian.org/debian-legal/2008/01/msg00132.html [...] This is an independent implementation of the encryption algorithm: Twofish by Bruce Schneier and colleagues which is a candidate
Re: TrueCrypt License 2.3
Måns Rullgård schrieb: Patrick Matthäi [EMAIL PROTECTED] writes: Hello, I wanted to package maybe truecrypt for Debian. There was an older discussion on l.d.legal for an older version of the TrueCrypt license, where the most developers said, that it is not distributeable. But as I know TrueCrypt has modified the license, so that more distributions could ship it. Here it is: http://www.truecrypt.org/license.php I'm not a lawler, so what do you mean, is this license free or when not could I distribute it in non-free? At a glance, the bits that might be controversial appear to be a few naming restriction clauses and some advertising clauses. I don't see anything restricting use or distribution. IANAL Thanks, sounds good :) -- Mit freundlichem Gruß / With kind regards, Patrick Matthäi E-Mail: [EMAIL PROTECTED] Homepage: http://www.Linux-Dev.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
Hi, Wow, that's a lot of license text. There are multiple bits in these licenses that I don't like. TrueCrypt License Version 2.3 [...] II. Terms and Conditions for Use, Reproduction, and Distribution 1. You [must] ensure that all the legal notices and documents (containing, e.g., the text of this License, references to this License, etc.) included with This Product are included with every copy of This Product that you make and distribute This might be clutching at straws, but I don't like the requirement to include verbatim all legal notices. My reasoning is that legal notices could be interpreted to imply notices about patents. In a jurisdiction that does not allow software patents, I do not think people should be forced to convey notices about patents that simply do not apply to them. I suppose this is why debian-legal likes to analyse the freeness of software as opposed to licenses; my criticism certainly doesn't apply if there are no such patent notices. III. Terms and Conditions for Modification and Derivation of New Products 1. [...] c. Phrase Based on TrueCrypt, freely available at http://www.truecrypt.org/; must be displayed by Your Product (if technically feasible) I think it's obnoxious to have to have to include this exact phrase in the product (as opposed to just in the documentation, or merely requiring any reasonable attribution). :( However, this is similar to what's allowed in GPLv3. I certainly didn't like the clause in the GPLv3, and I wasn't the only one, but I don't remember there being any consensus that it's non-free. and contained in its documentation. [...] In each of the cases mentioned above in this paragraph, http://www.truecrypt.org/; must be a hyperlink (if technically feasible) pointing to http://www.truecrypt.org/ Obnoxious. It's generally technically feasible to implement the hyperlink, but it can still be a hassle. For example, the GTK+ about box lets you add a hyperlink easily, but only on its own and not in the middle of arbitrary text. Your Product (and any associated materials, e.g., the documentation, the content of the official web site of Your Product, etc.) must not present any Internet address containing the domain name truecrypt.org (or any domain name that forwards to the domain name truecrypt.org) in a manner that suggests that it is where information about Your Product may be obtained or where bugs found in Your Product may be reported or where support for Your Product may be available or otherwise attempt to indicate that the domain name truecrypt.org is associated with Your Product. It's fair enough that in the derived work you aren't allowed to misrepresent truecrypt.org as the originator of the derived product. However, there's the possibility that I link to a support website out of my control that is subsequently forwarded to truecrypt.org. VI. General Terms 1. You may not use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, except as expressly provided under this License. Any attempt (even if permitted by applicable law) otherwise to use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, automatically and immediately terminates Your rights under this License. This paragraph explicitly denies rights available under fair use or fair dealing. Hopefully a non-op (?), but not good. All the above was about the TrueCrypt License version 2.3. The other license I have trouble with is a short one. This is an independent implementation of the encryption algorithm: Twofish by Bruce Schneier and colleagues which is a candidate algorithm in the Advanced Encryption Standard programme of the US National Institute of Standards and Technology. Copyright in this implementation is held by Dr B R Gladman but I hereby give permission for its free direct or derivative use subject to acknowledgment of its origin and compliance with any conditions that the originators of the algorithm place on its exploitation. I know the reference implementation for Twofish is in the public domain, and it's not been patented. But what happens, hypothetically, if Bruce Schneier were to publicly assert that people should not use the algorithm, say for moral reasons. Or what if he said people should not use this algorithm [as it is no longer considered secure enough. Could those situations not revoke my license to use this software? IANAL. Regards, -- Iain Nicol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
Patrick Matthäi [EMAIL PROTECTED] writes: Måns Rullgård schrieb: Patrick Matthäi [EMAIL PROTECTED] writes: Hello, I wanted to package maybe truecrypt for Debian. There was an older discussion on l.d.legal for an older version of the TrueCrypt license, where the most developers said, that it is not distributeable. But as I know TrueCrypt has modified the license, so that more distributions could ship it. Here it is: http://www.truecrypt.org/license.php I'm not a lawler, so what do you mean, is this license free or when not could I distribute it in non-free? At a glance, the bits that might be controversial appear to be a few naming restriction clauses and some advertising clauses. I don't see anything restricting use or distribution. IANAL Thanks, sounds good :) Hold on. I didn't say it was free or anything, only that I didn't see anything that struck me as obviously non-free. Some consider renaming clauses non-free (although I don't), and the plethora of licenses used for Truecrypt could be conflicting, even if each on its own is free. Wait for another opinion before drawing any conclusions. -- Måns Rullgård [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
Iain Nicol [EMAIL PROTECTED] writes: VI. General Terms 1. You may not use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, except as expressly provided under this License. Any attempt (even if permitted by applicable law) otherwise to use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, automatically and immediately terminates Your rights under this License. This paragraph explicitly denies rights available under fair use or fair dealing. Hopefully a non-op (?), but not good. If it were a contract, such a clause could be valid. Whether licenses like this are to be considered contracts is matter for debate. Either way, the license has a clause about unenforcable terms: 4. If any term of this License is found to be invalid or unenforceable under applicable law, You agree that it shall not affect the validity or enforceability of any other terms of this License that are found to be valid and enforceable under applicable law. All the above was about the TrueCrypt License version 2.3. The other license I have trouble with is a short one. This is an independent implementation of the encryption algorithm: Twofish by Bruce Schneier and colleagues which is a candidate algorithm in the Advanced Encryption Standard programme of the US National Institute of Standards and Technology. Copyright in this implementation is held by Dr B R Gladman but I hereby give permission for its free direct or derivative use subject to If the copyright is held be Dr Gladman, how can I (Schneier?) grant any permission pertaining to it? acknowledgment of its origin and compliance with any conditions that the originators of the algorithm place on its exploitation. I know the reference implementation for Twofish is in the public domain, and it's not been patented. But what happens, hypothetically, if Bruce Schneier were to publicly assert that people should not use the algorithm, say for moral reasons. Or what if he said people should not use this algorithm [as it is no longer considered secure enough. Could those situations not revoke my license to use this software? Note that the text says algorithm, not implementation. If it is not patented, there is nothing the originators of the algorithm can do to stop it being used. IANAL -- Måns Rullgård [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
On sam, 2008-01-12 at 20:27 +0100, Francesco Poli wrote: The plain text version of the licence may be found at http://www.truecrypt.org/docs/License.txt and is pasted below in its entirety. Thanks. Summary: * I think this software is fine for main if we package it the iceweasel way (new name, new artwork). * The advertising clause is very obnoxious but still acceptable. * I also have a wonder about the TrueCrypt license, but it can be easily clarified (at worst by asking Bruce Schneier directly). Comments about the different licenses follow. TrueCrypt License Version 2.3 This looks like a generic copyleft license. Specific clauses follow. a. The name of Your Product (or of Your modified version of This Product) must not contain the name TrueCrypt (for example, the following names are not allowed: TrueCrypt, TrueCrypt+, TrueCrypt Professional, iTrueCrypt, etc.) nor any of its variations that can be easily confused with the name TrueCrypt (e.g., True-Crypt, True Crypt, TrueKrypt, TruCrypt, etc.) Name change clause, it is fine. All graphics files showing any TrueCrypt logo (including the non-textual logo consisting primarily of a key in stylized form) must be removed from Your Product (or from Your modified version of This Product) and from any associated materials. Logo(s) included in (or attached to) Your Product (or in/to associated materials) must not incorporate and must not be confusingly similar to any of the TrueCrypt logos or portion(s) thereof. Which means we need to remove them from the package as well. c. Phrase Based on TrueCrypt, freely available at http://www.truecrypt.org/; must be displayed by Your Product (if technically feasible) and contained in its documentation. Alternatively, if This Product or its portion You included in Your Product comprises only a minor portion of Your Product, phrase Portions of this product are based in part on TrueCrypt, freely available at http://www.truecrypt.org/; may be displayed instead. In each of the cases mentioned above in this paragraph, http://www.truecrypt.org/; must be a hyperlink (if technically feasible) pointing to http://www.truecrypt.org/ and you may freely choose the location within the user interface (if there is any) of Your Product (e.g., an About window, etc.) and the way in which Your Product will display the respective phrase. This is the most questionable clause. It looks much like a mix between the OpenSSL advertising clause and the GPL warranty disclaimer. I don’t like the clause, but I don’t feel it breaks any of the DFSG, especially because it is reasonable about the requirements (“if technically feasible”, you’re free to choose how to put it…) d. The complete source code of Your Product must be freely and publicly available (for exceptions, see Sections III.2 and III.3) at least until you cease to distribute Your Product. To meet this condition, it is sufficient that You merely include the source code with every copy of Your Product that you make and distribute; it is also sufficient that You merely include information (valid and correct at least until you cease to distribute Your Product) about where the source code can be freely obtained (e.g., an Internet address, etc.) with every copy of Your Product that you make and distribute. This is fine and passes the desert island and dissident tests. 2. You are not obligated to comply with Sections III.1.a, III.1.b, III.1.c, and III.1.d, if all conditions specified in one of the two following paragraphs are met: a. Your Product is an operating system distribution, or other aggregate software distribution (such as a cover CD-ROM of a magazine) containing products from different sources, in which You include either This Product without any modifications or file(s) which You obtain by compiling the unmodified source code of This Product. This is a nice clause to allow distributors to keep the name; unfortunately it requires keeping the non-free logos, so this looks like an iceweasel case. 4. You shall indemnify, defend and hold all (co)authors of This Product, their agents and associates, and applicable copyright/trademark owners, harmless from/against any liability, loss, expense, damages, claims or causes of action, arising out of Your use, inability to use, reproduction, (re)distribution, import and/or (re)export of This Product (or portions thereof) and/or Your breach of any term of this License. Indemnification clause, similar to the IBM public license. License agreement for Encryption for the Masses. Simple non-copyleft license with name change clause and advertising clause. This product can be copied and distributed free of charge, including
Re: TrueCrypt License 2.3
On Sun, 13 Jan 2008, Måns Rullgård wrote: 1. You may not use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, except as expressly provided under this License. Any attempt (even if permitted by applicable law) otherwise to use, modify, reproduce, derive from, (re)distribute, or sublicense This Product, or portion(s) thereof, automatically and immediately terminates Your rights under this License. This paragraph explicitly denies rights available under fair use or fair dealing. Hopefully a non-op (?), but not good. If it were a contract, such a clause could be valid. Whether licenses like this are to be considered contracts is matter for debate. Of course, the clause doesn't keep you from performing fair use. It can't. What it does do, however, is say that if you attempt fair use, you lose the rights the license grants and can *only* do fair use and nothing else. I think this clause is self-evidently valid. Saying we will only let you distribute the program if you don't perform fair use can't possibly be any more invalid than we will only let you distribute the program if you agree not to pet any cats. It's making distribution of the program contingent on limiting your otherwise legal actions somewhere else. The fact that fair use is guaranteed by law doesn't make the clause invalid; your right to keep your money is also guaranteed by law, but a clause saying you have to give up some money to distribute the program is obviously legal. This should, however, make the program non-free. A payment of not exercising fair use rights is no more DFSG-free than a payment of cash. Disclaimer: IANAL. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
TrueCrypt License 2.3
Hello, I wanted to package maybe truecrypt for Debian. There was an older discussion on l.d.legal for an older version of the TrueCrypt license, where the most developers said, that it is not distributeable. But as I know TrueCrypt has modified the license, so that more distributions could ship it. Here it is: http://www.truecrypt.org/license.php I'm not a lawler, so what do you mean, is this license free or when not could I distribute it in non-free? -- Mit freundlichem Gruß / With kind regards, Patrick Matthäi E-Mail: [EMAIL PROTECTED] Homepage: http://www.Linux-Dev.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: TrueCrypt License 2.3
On Sat, 12 Jan 2008 19:33:22 +0100 Patrick Matthäi wrote: Hello, Hi! I wanted to package maybe truecrypt for Debian. There was an older discussion on l.d.legal for an older version of the TrueCrypt license, where the most developers said, that it is not distributeable. You're probably referring to the thread that starts here: http://lists.debian.org/debian-legal/2006/06/msg00294.html If this is the case, from a quick glance (I haven't yet found the time to re-read the whole discussion!) it seems that the license text was not fully quoted at the time. This makes it harder to understand if and how the license has changed since then. But as I know TrueCrypt has modified the license, so that more distributions could ship it. Here it is: http://www.truecrypt.org/license.php When requesting a license analysis to debian-legal, it is always recommended to fully quote the license text, for future reference. This was unfortunately not done in the previous thread (as I said above): let's do it now. The plain text version of the licence may be found at http://www.truecrypt.org/docs/License.txt and is pasted below in its entirety. TrueCrypt Collective License Version 1.2 The TrueCrypt Collective License consists of several distinct licenses, which are contained in this document (separated by lines consisting of underscores) and which are, in this section, referred to as component licenses. Each of the component licenses applies only to (portions of) the source code file(s) in which the component license is contained or in which it is explicitly referenced, and to compiled or otherwise processed forms of such source code. None of the component licenses applies to this product as a whole, even when it uses the phrase this product or any other equivalent term/phrase. Unless otherwise stated, graphics and files that are not part of the source code are covered solely by the TrueCrypt License. Note: The TrueCrypt License is one of the component licenses of which the TrueCrypt Collective License consists. Anyone who uses and/or reproduces and/or modifies and/or (re)distributes any part(s) of work made available under this version of the TrueCrypt Collective License, is, by such action(s), accepting in full the responsibilities and obligations contained in the component licenses that apply to the corresponding part(s) of such work. If any term of this license is found to be invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of any other terms of this license that are found to be valid and enforceable under applicable law. TrueCrypt License Version 2.3 I. Definitions 1. This Product means the work (including, but not limited to, source code, graphics, texts, and accompanying files) made available under and covered by this version of this License, as may be indicated by, but is not limited to, copyright notice(s) attached to or included in the work. 2. You means (and Your refers to) an individual or a legal entity (e.g., a non-profit organization, commercial organization, government agency, etc.) exercising rights under this License. 3. Modification means (and modify refers to) any alteration of This Product, including, but not limited to, addition to or deletion from the substance or structure of This Product, and translation into another language. 4. Your Product means This Product modified by You, any work You derive from (or base on) This Product, any work in which You include This Product, or any respective part(s) thereof. 5. Distribution means (and distribute refers to), regardless of means or methods, conveyance or transfer of This/Your Product or portions thereof to third parties, or making This/Your Product or portions thereof available for download to third parties, regardless of whether any third party downloads the product (or a portion thereof) made available for download or not. II. Terms and Conditions for Use, Reproduction, and Distribution 1. You may reproduce and/or distribute This Product, provided that You do not modify any part of This Product (for terms and conditions for reproduction and distribution of modified versions of This Product, see Section III) and provided that You ensure that all the legal notices and documents (containing, e.g., the text of this License, references to this License, etc.) included with This Product are included with every copy of This Product that you make and distribute, and provided that you comply with all applicable terms and conditions of this License. 2. Provided that you comply with all applicable terms and conditions of this License, You may use This Product freely (see also Section III) on any number of computers/systems for non-commercial and/or commercial purposes. III. Terms and Conditions for Modification and Derivation of New Products 1. If all conditions specified in the following paragraphs in this
Re: TrueCrypt License 2.3
Patrick Matthäi [EMAIL PROTECTED] writes: Hello, I wanted to package maybe truecrypt for Debian. There was an older discussion on l.d.legal for an older version of the TrueCrypt license, where the most developers said, that it is not distributeable. But as I know TrueCrypt has modified the license, so that more distributions could ship it. Here it is: http://www.truecrypt.org/license.php I'm not a lawler, so what do you mean, is this license free or when not could I distribute it in non-free? At a glance, the bits that might be controversial appear to be a few naming restriction clauses and some advertising clauses. I don't see anything restricting use or distribution. IANAL -- Måns Rullgård [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
