[License-discuss] TrueCrypt license (not OSI-approved; seeking history, context).

Karl Fogel kfogel at opensource.org
Mon Oct 14 20:32:40 UTC 2013


http://truecrypt.com/ advertises itself as "free open-source disk
encryption software".  However, the license is not OSI-approved:

  http://www.truecrypt.org/legal/license

Does anyone know of any history of consideration or discussion about
this license, at the OSI, FSF, or elsewhere?  Please keep me CC'd on any
followups.

The license is actually a main TrueCrypt custom license, plus some
included third-party licenses, one of which looks BSD-ish, one of which
looks zlib-ish, and one of which (the "Encryption for the Masses"
license) looks like it might be its own custom license.  Oy.

Various people have commented to me that they see potential problems
with the TrueCrypt license w.r.t. the OSD.  I'd be happy if we could
surface all those concerns in this thread.

One potential problem I see is that the trademark protection language is
so over-the-top strong that it might be construed to prevent even
nominative use of the name.  For example, suppose someone distributes a
modified version of TrueCrypt and, on receiving a bug report about their
derivative, posts a response on their website -- and possibly in some
docs in their distribution tree -- saying "I don't know if upstream
TrueCrypt at TrueCrypt.org has this problem too."  Would the current
license make the authors of the derivative unacceptably vulnerable to
possible harassment from TrueCrypt from that?  Maybe.

Obviously, I'd like to see TrueCrypt be truly open source.  The ideal
solution is not to have them remove the words "open source" from their
self-description, but rather for their software to be under an
OSI-approved open source license :-).

-Karl

