FreeApophis / TrueCrypt

This repository applies all Versions of the Original TrueCrypt Source Files in order

Please add a popular license #2

Closed andreicristianpetcu closed 9 years ago

andreicristianpetcu commented 10 years ago

Hi! Since this is a fork can you please add a more popular license like GPLv3, Apache, MIT or just any popular free and open source license? TrueCrypt is not "free software" and it is not "open source" it is "source available". With a clear, popular license it is easy for everybody to understand what can and cannot be done with the source code. http://en.wikipedia.org/wiki/TrueCrypt#License_and_Open_Source_status

felixrabe commented 10 years ago

Being not the original authors, I guess it will be legally complicated for them to just change the license.

ChrisMcKee commented 10 years ago

With the original authors spending most of the software's existence hiding themselves behind fake names, one can only assume the Copyright is pretty worthless. Regardless the project 'according to the terms' needs renaming.

FreeApophis commented 10 years ago

We certainly will try - currently we think that the last License Change is also valid for the 7.1 Release. But as @felixrabe has written we are not owner of the code. However it looks like the TrueCrypt Team has largely abandoned its Code.

felixrabe commented 10 years ago

I like this effort, but please keep in mind there is a reason many open source communities ask for contributor agreements. IANAL, but I think copyright law protects works regardless of the author's anonymity.

My suggestion: Contact a lawyer specialized in (international) copyright law.

FreeApophis commented 10 years ago

Absolutely true - as I said currently we understand that the Code is under the new License including Older releases. Otherwise the License Change would not make much sense. Otherwise we cannot do much.

felixrabe commented 10 years ago

@ryanlol - I disagree, or maybe I don't understand you right.

I would love to have a project like truecrypt.ch come up and take over my project in good faith and with a solid understanding of the legal issues if I was anonymous and had to abandon my original project for some reason. And I think being conscious of the possibilities and legal extent of what is possible and acting on that (as I said, in good faith) will earn respect.

The goal and the intent here (as I understand it) is to not let TrueCrypt die.

edudemy commented 10 years ago

Section III of the License text clarifies the circumstances under which a (modified/unmodified) fork/derivative can carry forward the legacy of Crypt 2.0

andreicristianpetcu commented 10 years ago

I don't think "good faith" and copyright law get along with each other. Relicensing might be quite tricky and it might involve a lawyer who understands computer copyright and copyleft law. My initial impression was that relicensing is just as simple as picking a new license and pushing the LICENSE.txt file to the git repo but I'm starting to see the complications that might appear.

oderwat commented 10 years ago

Maybe related: https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html#c6345306

felixrabe commented 10 years ago

@andreicristianpetcu - I don't know the license myself yet, but if it does not explicitly allow relicensing (like MIT-style licenses do, as opposed to GPL-style licenses), relicensing is probably (IANAL) impossible without the explicit written consent of the original authors. (IANAL, but I wrote a school work once on intellectual property.)

felixrabe commented 10 years ago

@oderwat - Interesting link, thanks. I'll quote it here:

As a practicing attorney, if a client came to me asking if it would be alright to fork truecrypt, my advice would be: "go for it." Completely setting aside what the license says, or whether it's enforceable, a potential lawsuit would never survive a pre-answer motion to dismiss for lack of standing. To even get in the door to the courthouse, a plaintiff would have to first reveal his/her/their identities, and second prove that he(/she/they) is(/are) in fact truecrypt's anonymous author(/s). The first is highly unlikely because it would be extremely out of character. The second is highly unlikely because it's probably impossible. Without a credible threat of a lawsuit (that will at least survive a pre-answer motion) to back it up, the license is just words on a page.

(https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html#c6345306)

oderwat commented 10 years ago

Yes but he "refines" his statement later in the discussion: https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html#c6345932 .. I personally think that "forking" is not forbidden in the first place (and happened in the past). Replacing the license ... dunno! So just continue with the current license and maybe don't call that thing TrueCrypt ... and link or link not to the original site. To me the most important thing is the security audit. We need clear information about 7.1a in that regard... even more after this "strange" development.

edudemy commented 10 years ago

Relevant portions of TrueCrypt License text

"II. Use, Copying, and Distribution of This Product

  1. Provided that You comply with all applicable terms and conditions of this License, You may make copies of This Product (unmodified) and distribute copies of This Product (unmodified) that are not included in another product forming Your Product (except as permitted under Chapter III). Note: For terms and conditions for copying and distribution of modified versions of This Product, see Chapter III."

" III. Modification, Derivation, and Inclusion in Other Products

  1. If all conditions specified in the following paragraphs in this Chapter (III) are met (for exceptions, see Section III.2) and if You comply with all other applicable terms and conditions of this License, You may modify This Product (thus forming Your Product), derive new works from This Product or portions thereof (thus forming Your Product), include This Product or portions thereof in another product (thus forming Your Product, unless defined otherwise in Chapter I), and You may use (for non-commercial and/or commercial purposes), copy, and/or distribute Your Product.
    1. The name of Your Product (or of Your modified version of This Product) must not contain the name TrueCrypt (for example, the following names are not allowed: TrueCrypt, TrueCrypt+, TrueCrypt Professional, iTrueCrypt, etc.) nor any other names confusingly similar to the name TrueCrypt (e.g., True-Crypt, True Crypt, TruKrypt, etc.)"

"Portions of the source code of Your Product not contained in This Product (e.g., portions added by You in creating Your Product, whether created by You or by third parties) must be available under license(s) that (however, see also Subsection III.1.e) allow(s) anyone to modify and derive new works from the portions of the source code that are not contained in This Product and to use, copy, and redistribute such modifications and/or derivative works. The license(s) must be perpetual, non-exclusive, royalty-free, no-charge, and worldwide, and must not invalidate, weaken, restrict, interpret, amend, modify, interfere with or otherwise affect any part, term, provision, or clause of this License. The text(s) of the license(s) must be included with every copy of Your Product that You make and distribute.

  Note: If you cannot comply with the above requirements, you may contact licensing@truecrypt.org.
  1. You must not change the license terms of This Product in any way (adding any new terms is considered changing the license terms even if the original terms are retained), which means, e.g., that no part of This Product may be put under another license. You must keep intact all the legal notices contained in the source code files. You must include the following items with every copy of Your Product that You make and distribute: a clear and conspicuous notice stating that Your Product or portion(s) thereof is/are governed by this version of the TrueCrypt License, a verbatim copy of this version of the TrueCrypt License (as contained herein), a clear and conspicuous notice containing information about where the included copy of the License can be found, and an appropriate copyright notice.
  2. You are not obligated to comply with Subsection III.1.d if Your Product is not distributed (i.e., Your Product is available only to You).

Note: If you cannot comply with Subsection III.1.d, you may contact licensing@truecrypt.org."

edudemy commented 10 years ago

TrueCrypt is itself a derivative of E4M (encryption for the masses) & other predecessors - as reflected in the License history.

felixrabe commented 10 years ago

@ryanlol - I do not think violating TrueCrypt's license is the goal here.

Disclaimer: I am not part of this project, but I sympathize with its goals, which are, as per truecrypt.ch: "the gathering place for all up-to-date information [concerning TrueCrypt]".

YtvwlD commented 10 years ago

I am no lawyer.

But as I understand the license (see above) I would think, the solution would be keeping the original license for the original things (include a diff or something like that) and relicense the whole thing under the GPL (for example) - stating that it is built on top of TrueCrypt - thereby referring to the diff and the original license.

(Well, and contacting licensing@truecrypt.org doesn't seem to be a good idea.)

tigerhawkvok commented 10 years ago

What about something like a conditional license?

  1. This code is licensed under GPLv3, included in this distribution as FILENAME.
  2. This code was relicensed on DATE after apparent abandonment by its maintainers. Should the maintainers prove that such abandonment was malicious or fabricated, all code contained in INITIAL COMMIT reverts back to the license in the same commit, with all modifications licensed under GPLv3.

Or something similar, but with more legalese as IANAL.

While I'm at it, let me pitch "NewCrypt" as the fork name. Rhymes with the original and makes the history and status unambiguous.

lance0 commented 10 years ago

With the profile of this repo, engaging lawyers is the correct plan of action. If this is to truly be a truecrypt successor all the knots need tied perfectly.

eligrey commented 10 years ago

The only primary license change I can see as possibly being legal is to upgrade to the Truecrypt License 3.1.

felixrabe commented 10 years ago

Based on https://github.com/FreeApophis/TrueCrypt/issues/5#issuecomment-44702287, I propose to change the title of this issue from

Please add a popular license

to

Clarify licensing

felixrabe commented 10 years ago

It's worth following @TrueCryptNext on Twitter. This tweet is related to this issue:

https://twitter.com/CipherLaw/status/472157471948029952:

@pbarreto @justintroutman @matthew_d_green Yes, we are formally reviewing the TrueCrypt licensing provisions.

andreicristianpetcu commented 10 years ago

Or if you can get a PGP signed message in which the original creators offer you the possibility to relicense under your license of choice, there will be no need for a lawyer. Try contacting the Software Freedom Law Center. They do pro bono work for this type of stuff. https://www.softwarefreedom.org

andreicristianpetcu commented 10 years ago

@felixrabe the GPL does allow relicensing into AGPL (and probably other strong copyright licenses). GPL does this because it creates a common pool of free software that stays free. MIT/BSD licenses are almost like the public domain and I tend to avoid them. The problem with the current license is that it is nonfree/closedsource license and that's why it cannot be relicensed. https://fedoraproject.org/wiki/Forbidden_items?rd=ForbiddenItems#TrueCrypt

lance0 commented 10 years ago

@felixrabe the repo owner and the twitter owner are one and the same.

JamesSwift commented 10 years ago

@andreicristianpetcu Indeed, but the original author can relicense a project if they choose to. If there are several authors though, they would need to all sign an agreement.

KAMiKAZOW commented 10 years ago

Um… guys… There is a clean room reimplementation of TrueCrypt since years: https://github.com/bwalex/tc-play tcplay has been written from scratch and falls under an actual free software license.

felixrabe commented 10 years ago

Just summarizing and giving kudos: (am having a great Sunday here :) )

@KAMiKAZOW Thanks for pointing out tc-play! Very interesting.

@andreicristianpetcu Thanks for the PGP-signing agreement idea and pointing out the SFLC pro-bono law work.