truecrypt licence

herOldMan · 2013-12-04 22:47:20

I see that Truecrypt is now in the official (extras) repository. In the past, when installing Truecrypt manually, I had to page through a huge license before install.

How is it that this is no longer necessary?

Wikipedia has a page for Truecrypt at:

http://en.wikipedia.org/wiki/TrueCrypt# … rce_status

Under "Licensing and Open Source status" it states:

The "TrueCrypt License" is unique and contains distribution and copyright-liability restrictions.[58] TrueCrypt 6.3a (released Nov 2009) comes under TrueCrypt License Version 2.8 which was changed in some places from the 2.5 license, but TrueCrypt is still not included in most of the major Linux distributions. As of version 7.1a (released Feb 2012), the TrueCrypt License is Version 3.0.

Discussion of the licensing terms on OSI's license-discuss mailing list October 2013 suggest that the TrueCrypt license has made progress towards compliance with the Open Source Definition but would not yet pass if proposed for OSD certification.

Looking at the latest TrueCrypt license, I can see how they responded to some of the criticism coming from Fedora and others, which is something. Some things they didn't change, though.[59]

The TrueCrypt License has not been officially approved by the Open Source Initiative and is not considered "free" by several major Linux distributions (Arch Linux,[60] Debian,[61] Ubuntu,[62] Fedora,[63] openSUSE,[64] Gentoo[65]), mainly because of the distribution and copyright-liability restrictions.[66]

Has this changed?

ewaller · 2013-12-06 16:53:01

Moving to Arch Discussion.

graysky · 2013-12-06 16:56:02

herOldMan wrote:

I see that Truecrypt is now in the official (extras) repository.

...Truecypt has been in [extra] for years.

Last edited by graysky (2013-12-06 16:56:27)

Scimmia · 2013-12-06 17:04:17

Arch doesn't care about "free". They put it in the repos, you decide if you want to use it or not.

Like graysky said, it's been there for years. At least 5.5 years, that's how far the SVN history goes, and it was imported from the previous system, so it's longer than that.

mhogomchungu · 2013-12-23 05:19:20

It is now possible to manage truecrypt formatted encrypted volumes without using truecrypt binary.

tcplay[1] can create and open truecrypt volumes but its a CLI only solution
cryptsetup[2] can open truecrypt volumes but its a CLI only solution
zulucrypt[3] is a front end to the mentioned two projects and can create and open truecrypt volumes using a CLI solution and a Qt GUI one.

It is possible to use truecrypt volumes completely independently of truecrypt binary.

[1] https://www.archlinux.org/packages/?sor … =&flagged=
[2] https://www.archlinux.org/packages/?sor … =&flagged=
[3] https://aur.archlinux.org/packages.php?K=zulucrypt

solar · 2014-01-10 22:24:15

mhogomchungu: so what? As long as truecrypt can decipher it, it is still victim to the same backdoors in it.

But then again, you prolly don't have much to hide from NSA etc... just ordinary thieves.

mhogomchungu · 2014-01-11 01:17:05

From what i know,the only place truecrypt,or anybody else can have a backdoor is in how the master key is created and that happens when the volume is created.Once its created,its not possible to change it and still be able to access the bulk data.The best way to mitigate the backdoor through master key is by using alternative tools to create the volume,heck,you can even create effectively a new volume by replacing the master of an already existing volume by your own hand made key.

Arch Linux

#1 2013-12-04 22:47:20

truecrypt licence

#2 2013-12-06 16:53:01

Re: truecrypt licence

#3 2013-12-06 16:56:02

Re: truecrypt licence

#4 2013-12-06 17:04:17

Re: truecrypt licence

#5 2013-12-23 05:19:20

Re: truecrypt licence

#6 2014-01-10 22:24:15

Re: truecrypt licence

#7 2014-01-11 01:17:05

Re: truecrypt licence

Board footer