Message-ID: <538DADF0.3070101@gmail.com>
Date: Tue, 03 Jun 2014 12:13:52 +0100
From: Dave Howe <davehowe.pentesting@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point

On 30/05/2014 21:00, Brandon Perry wrote:
> Two issues with this:
>
> 1) TrueCrypt wasn't free as in freedom, it was free as in beer. These forks
> break the license afaik.
Not seeing this to be honest. I have taken a look at the 3.0 licence
(applicable to 7.1a), and can't see any real reason to state that you
couldn't fork the project under a new name, but keeping the same code
base and licence.  It's possible I missed something though; which actual
term do you feel prevents forking?

> 2) Do you trust these users to understand the codebase thoroughly enough
> and understand cryptography enough to not introduce stupid crypto bugs?
> That is a huge caveat.
No. But if there is an independent auditor already being paid to audit
the code, and THAT project has plenty of funding left, it would seem a
worthwhile use of the money to audit any new changes as they are
committed, so that once we HAVE an audited codebase, it stays audited
despite being a moving target.



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
