Message-ID: <538DADF0.3070101@gmail.com>
Date: Tue, 03 Jun 2014 12:13:52 +0100
From: Dave Howe <davehowe.pentesting@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point
On 30/05/2014 21:00, Brandon Perry wrote:
> Two issues with this:
>
> 1) TrueCrypt wasn't free as in freedom, it was free as in beer. These forks
> break the license afaik.
Not seeing this to be honest. I have taken a look at the 3.0 licence
(applicable to 7.1a), and can't see any real reason to state that you
couldn't fork the project under a new name, but keeping the same code
base and licence. It's possible I missed something though, which actual
term do you feel prevents forking?
> 2) Do you trust these users to understand the codebase thoroughly enough
> and understand cryptography enough to not introduce stupid crypto bugs?
> That is a huge caveat.
No. But if there is an independent auditor already being paid to audit
the code, and THAT project has plenty of funding left, it would seem a
worthwhile use of the money to audit any new changes as they are
committed, so that once we HAVE an audited codebase, it stays audited
despite being a moving target.
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/