Truecrypt: Open Source or not?

The current release of grml does NOT ship Truecrypt. But why? Truecrypt claims to be a “Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux”. The reason is simple: the TrueCrypt License Version 2.6 is not a real open source license and does not permit distribution. Quoting section VI./4:

4. Subject to the terms and conditions of this License, You may allow a third party to use Your copy of This Product (or a copy that you make and distribute, or Your Product, or respective parts thereof) provided that the third party overtly accepts and agrees to be bound by all terms and conditions of this License and the third party is not prohibited from using This Product (or portions thereof) by this License (see, e.g., Section VI.7) or by applicable law. However, You are not obligated to ensure that the third party accepts (and agrees to be bound by all terms of) this License if You distribute only the self-extracting package (containing This Product) that does not allow the user to install (nor extract) the files contained in the package until he or she accepts and agrees to be bound by all terms and conditions of this License.

This conflicts with the open source definition. So Truecrypt is NOT open source but currently just provides “free access to the source”. All the major Linux distributions discussed the licensing of Truecrypt as well:

Just a few minor [meta-]distributions (I won’t name them) seem to ship Truecrypt nowadays. Either they aren’t aware of the licensing issue or they don’t care…

Please don’t forget: Open Source isn’t Open Source just because a website claims so. Always check out the LICENSE file(s).

One Response to “Truecrypt: Open Source or not?”

  1. Andrew Cady Says:

    The part of the license which is a problem is not the part that you have put in bold, but rather this clause, particularly the part of it I have bolded:

    provided that the third party overtly accepts and agrees to be bound by all terms and conditions

    Actually I don’t think even this can be criticized for being “non real open source” or “just providing free access to the source” — it only requires “overt agreement to be bound” to what otherwise would be implicit in copyright. It still legally allows redistributing with modifications, but it certainly makes legal redistributing prohibitively impractical (not to mention code reuse).

    It seems conceptually not unlike a version of the GPL which would require everyone to sign a paper contract, rather than be implicitly bound by copyright. It is not non-free, it is just impossible.