Hi, On 27/01/15 12:58, Markus Kolb wrote:
Am 2015-01-27 12:33, schrieb Ciaran Farrell:
I took a quick look now. The MS-PL is fine for Factory but you rightly pointed out that the TrueCrypt license is not.
What I can't immediately see is the relationship between VeraCrypt and TrueCrypt. The VeraCrypt website does say it is 'based on' TrueCrypt, but what is that supposed to mean from a copyright perspective? If VeraCrypt is a derivative work of TrueCrypt, then it must comply with the terms in the TrueCrypt license for derivative works. If it doesn't, it is in violation of those license terms and we can certainly not distribute it.
Is there any way of telling what is meant by 'based on TrueCrypt'?
VeraCrypt uses both licenses. This also complies with the TrueCrypt license. This 'based on TrueCrypt' is required by the TrueCrypt license (III.1.3). It is a derivative work. I think the question is, if it is NonFree in the opinion of SUSE.
Whatever the re-licencing of VeraCrypt, due to it being a derivative work of TrueCrypt it is subject to the TrueCrypt licence. I assume it merely attempts to *comply* with it by removing trademarks and the TrueCrypt names etc. as required by said licence for derivative works. However, mere compliance does not make it re-distributable completely under an OSI approved licence (here: MS-PL), and the code inherits restrictions incompatible with OSI approval from the former licence until rewritten. And as far as the re-licencing attempt goes, III.1.e [1] states:
e. You must not change the license terms of This Product in any way (adding any new terms is considered changing the license terms even if the original terms are retained), which means, e.g., that no part of This Product may be put under another license.
IMHO IANAL, Andreas [1] https://github.com/FreeApophis/TrueCrypt/blob/master/License.txt#L183-L187 -- To unsubscribe, e-mail: opensuse-bar+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-bar+owner@opensuse.org