Hacker News new | past | comments | ask | show | jobs | submit login

I was under the impression it couldn't be forked. Incorrect?



The TrueCrypt author is anonymous and would have to reveal their identity in order to enforce the license, which they would be very unlikely to do.

According to CipherShed's forum the main thing they have to do is remove all references to TrueCrypt from the code: https://forum.ciphershed.org/viewtopic.php?f=12&t=48

I'm not sure if anyone on this site is actually a TrueCrypt developer but there is a new forum: https://forum.truecrypt.ch/

They have some discussion about CipherShed and some other TrueCrypt forks: https://forum.truecrypt.ch/t/working-with-ciphershed/22


Shouldn't, but could:

> On 16 June 2014, the only alleged TrueCrypt developer still answering emails, replied to an email by Matthew Green about the licensing situation. He is not willing to change the license to an open source one, believes that Truecrypt should not be forked, and that if someone wants to create a new version they should start from scratch.[1]

(Copy of the email on pastebin[2])

[1]: http://en.wikipedia.org/wiki/TrueCrypt#End_of_life_and_licen... [2]: http://pastebin.com/RS0f8gwn


The letter of copyright law might allow a prohibition of forking and relicensing (to reiterate, the TC author would have to reveal him or herself in order to enforce that prohibition), but philosophically...

"I don't feel that forking truecrypt would be a good idea..."

This is a straight-up abuse of copyright law. Author has no intent of profiting from the project, no intent of continuing to work on the project, and still waves around the hammer of copyright as if it's a fundamental right absent any connection to the constitutional qualification of promoting progress in the sciences and useful arts.

To say there's a moral imperative against forking and relicensing in this scenario is stretching the rationale for the copyright monopoly quite far.


Interesting. To who else's work can you write a nerd message board post explaining your intrinsic entitlement?

It's not at all shocking that the creator and maintainer of a free encrypted filesystem would eventually abandon the effort, given that comments like these are how the effort is ultimately repaid.

Is there a name for the hammer you swing, the hammer not of abusing copyright but instead of not writing simulated hardware disk encryption and donating it for free? It seems to me that's a far mightier hammer than the one you described.


From each according to their ability and all that. Oh, you can write crypto software? Therefore you must write it for me.


Uh oh, it looks like @tptacek's calling people message board nerds again.


I'm @tqbf, not @tptacek. @tptacek is some other person on Twitter.


I'm still wondering whether this is an elaborate way to tell people that Trucrypt is completely compromised and shouldn't be used.


Of course you are. That's a fun thought experiment. Details of licensure, burned out developers, and Truecrypt's modern place among all the other encrypted storage schemes are much more boring than the cloak and dagger fiction of a Truecrypt warrant canary.


Since the developer(s) is/are anonymous - why would they need any elaborate way of telling people this? They could just state that they consider the code compromised and advise not to use it anymore.


Actually incorrect. (Not legal advice, but read the licences yourself.)

The previous version of TrueCrypt (7.1a - the one you'd actually want to fork because it could still encrypt things), was still under a licence that'd allow you to fork it as long as you didn't call it TrueCrypt (or anything resembling it).

That was basically inherited from E4M. It's an ugly licence, however.

https://diskcryptor.net/ might be worth looking into (this is not a recommendation, I have not audited it). It's certainly cleaner - TC's kinda ugly inside, with a decade of maint cruft.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: