The current release of grml does NOT ship Truecrypt. But why? Truecrypt claims to be a “Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux”. The reason is simple: because the TrueCrypt License Version 2.6 is not a real open source license and does not permit distribution. Quoting section VI./4:
4. Subject to the terms and conditions of this License, You may allow a third party to use Your copy of This Product (or a copy that you make and distribute, or Your Product, or respective parts thereof) provided that the third party overtly accepts and agrees to be bound by all terms and conditions of this License and the third party is not prohibited from using This Product (or portions thereof) by this License (see, e.g., Section VI.7) or by applicable law. However, You are not obligated to ensure that the third party accepts (and agrees to be bound by all terms of) this License if You distribute only the self-extracting package (containing This Product) that does not allow the user to install (nor extract) the files contained in the package until he or she accepts and agrees to be bound by all terms and conditions of this License.
This conflicts with the open source definition. So Truecrypt is NOT open source but currently just provides “free access to the source”. All the major Linux distributions discussed the licensing of Truecrypt as well:
Just a few minor [meta-]distributions (I won’t name them) seem to ship Truecrypt nowadays. Either they aren’t aware of the licensing issue or they don’t care…
Please don’t forget: Open Source isn’t Open Source just because a website claims so. Always check out the LICENSE file(s).