[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point
From: Dave Howe <davehowe.pentesting@xxxxxxxxx>
Date: Tue, 03 Jun 2014 12:13:52 +0100

On 30/05/2014 21:00, Brandon Perry wrote:
> Two issues with this:
>
> 1) TrueCrypt wasn't free as in freedom, it was free as in beer. These forks
> break the license afaik.
Not seeing this to be honest. I have taken a look at the 3.0 licence
(applicable to 7.1a), and can't see any real reason to state that you
couldn't fork the project under a new name, but keeping the same code
base and licence.  Its possible I missed something though, which actual
term do you feel prevents forking?

> 2) Do you trust these users to understand the codebase thoroughly enough
> and understand cryptography enough to not introduce stupid crypto bugs?
> That is a huge caveat.
No. But if there is an independent auditor already being paid to audit
the code, and THAT project has plenty of funding left, it would seem a
worthwhile use of the money to audit any new changes as they are
committed, so that once we HAVE an audited codebase, it stays audited
despite being a moving target.



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: Re: [FD] TrueCrypt?
Next by Date: Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point
Previous by thread: Re: [FD] TrueCrypt?
Next by thread: Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point
Index(es):
- Date
- Thread