FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Development

 
 
LinkBack Thread Tools
 
Old 04-25-2011, 01:55 PM
Rich Freeman
 
Default TrueCrypt and it's lovely license

On Mon, Apr 25, 2011 at 9:20 AM, Dane Smith <c1pher@gentoo.org> wrote:
> @Trustees: Any thoughts? I didn't mean to step on any toes, I just
> hadn't spotted that old bug until today.

So, speaking only for myself, my thinking is that there is enough
debate over the truecrypt license that I see no point in not just
playing it safe and restricting mirroring. Restricting mirroring will
make Gentoo itself not a party to any redistribution (at least not a
direct party). If we further restrict fetching you could argue that
we're getting ourselves out of the facilitation business as well (not
a legal theory I'm enamored with).

I'd like to propose that devs should not commit ebuilds that do not
have mirroring restrictions unless the license is in
@BINARY-REDISTRIBUTABLE. Perhaps this should be a repoman check.
Whether something ends up in that group is more complicated, but
repoman doesn't need to worry about that.

Neither Debian nor Ubuntu redistribute TrueCrypt. That at the very
least should give us concern with doing so. Their license is also not
considered free by any of the usual bodies.

Sure, it is a little hassle for users, but not that much in the big
scheme of things - especially since other distros don't package it at
all. Better to let any lawyers we retain focus on getting the
foundation in better order and not have them fighting over licenses.

Rich
 
Old 04-25-2011, 02:12 PM
Dane Smith
 
Default TrueCrypt and it's lovely license

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/25/2011 09:55 AM, Rich Freeman wrote:
> On Mon, Apr 25, 2011 at 9:20 AM, Dane Smith <c1pher@gentoo.org> wrote:
>> @Trustees: Any thoughts? I didn't mean to step on any toes, I just
>> hadn't spotted that old bug until today.
>
> So, speaking only for myself, my thinking is that there is enough
> debate over the truecrypt license that I see no point in not just
> playing it safe and restricting mirroring. Restricting mirroring will
> make Gentoo itself not a party to any redistribution (at least not a
> direct party). If we further restrict fetching you could argue that
> we're getting ourselves out of the facilitation business as well (not
> a legal theory I'm enamored with).
>
> I'd like to propose that devs should not commit ebuilds that do not
> have mirroring restrictions unless the license is in
> @BINARY-REDISTRIBUTABLE. Perhaps this should be a repoman check.
> Whether something ends up in that group is more complicated, but
> repoman doesn't need to worry about that.
>
> Neither Debian nor Ubuntu redistribute TrueCrypt. That at the very
> least should give us concern with doing so. Their license is also not
> considered free by any of the usual bodies.
>
> Sure, it is a little hassle for users, but not that much in the big
> scheme of things - especially since other distros don't package it at
> all. Better to let any lawyers we retain focus on getting the
> foundation in better order and not have them fighting over licenses.
>
> Rich
>

These are all good enough reasons for me. Re-Restricted mirror and fetch
in CVS. Thanks =)

- --
Dane Smith (c1pher)
Gentoo Linux Developer -- QA / Crypto / Sunrise / x86
RSA Key: http://pgp.mit.edu:11371/pks/lookup?search=0x0C2E1531&op=index
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNtYFaAAoJEEsurZwMLhUxRpYP/0+HhQLjdy9jA9WGr9rHxwyU
lH4l1+EZLjYt4/9e7Qfiprln9kX/f/bMLQrExlLv7cgwimKOlDXIeg0SNdHGFc26
01WGyEXUy+6cVrIxrp4CwVrYUC/6idGf6NrQ3UdEM7pStvFWzQE1z7UGNSzeAHK5
OktqXEERY/gYgzT/yzMusyXF9w+Pn9eRmRrDE2tIFbFDboG1eWTojl6xkSGBZIxT
/dfN3zpiGwgLsMeuvFZTLNpC4DthgfL+YakdOxKtnLYfSg5Hw6G mA9vO35pfDYJX
mocu7t67FqSz03A626CvuwzL5dyreUwfGtQZXTqndMSZX34ufg XXjVR0JnJIZQop
k01/5d0jGHmwI4+n37pQM3MnyuX8biNCTnoUez1dqoh/LTeFr3BFAqBGas2IYHHa
+UG22OoZL0JY4gP3dof83moFpI5k33dY+cZX2cnufiqKsboJy6 oDjsFcrseLtKpG
aOKn56yMUUksIh0ef/P2ZtJ0CYO7W2L1zFU5Wb7E9BREy1Q1blW7WQC10ENjzzKs
exIuGi+jI7uRGb90xOiV/a86I3LC0pOeOVEFhxOizUWNEjD0plihAvEjmxYgdYm6
yA/vYbQaYiIPuR+1URnTyB52w/QBcf2EMUlStmE10w755VDn2FilqZk5hkYLQ/0J
Jd+JEl7OmfSvnUkkQ5tE
=emar
-----END PGP SIGNATURE-----
 
Old 04-25-2011, 03:39 PM
Ulrich Mueller
 
Default TrueCrypt and it's lovely license

>>>>> On Mon, 25 Apr 2011, Dane Smith wrote:

> These are all good enough reasons for me. Re-Restricted mirror and
> fetch in CVS.

Maybe the description should be updated too. "Free open-source disk
encryption software" is misleading, when it's neither free software
nor fulfills the open source definition.

Ulrich
 
Old 04-26-2011, 11:57 AM
Angelo Arrifano
 
Default TrueCrypt and it's lovely license

On Seg, 2011-04-25 at 17:39 +0200, Ulrich Mueller wrote:
> >>>>> On Mon, 25 Apr 2011, Dane Smith wrote:
>
> > These are all good enough reasons for me. Re-Restricted mirror and
> > fetch in CVS.
>
> Maybe the description should be updated too. "Free open-source disk
> encryption software" is misleading, when it's neither free software
> nor fulfills the open source definition.
>
> Ulrich
>

What about enumerating some alternatives (dm-crypt+luks etc ..) in post
install? Sometimes people are not aware of them and when they do, it is
too late because no one in their sane mind (except me maybe) will
migrate all the data again into another encryption format.

- Angelo
--
Angelo Arrifano (miknix)
Developer / GPE maintainer
http://www.gentoo.org/~miknix
http://miknix.homelinux.com
 

Thread Tools




All times are GMT. The time now is 07:18 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org