For this reason, many Linux distributions have policies of avoiding mislicensed software. Some might regard these concerns as ephemeral, but the experience of the open source community time and again is that projects that refuse to respond to concerns about licensing turn out to be problematic in other ways.
TRUECRYPT NEWS SOFTWARE
As OSI director and open source expert Karl Fogel said, "The ideal solution is not to have them remove the words 'open source' from their self-description, but rather for their software to be under an OSI-approved open source license."
TRUECRYPT NEWS SOFTWARE LICENSE
While it's accurate to describe the software as "free" because it is made available without charge (although the license is also not a free software license according to the FSF license list), it is not at all appropriate for it to describe itself as "open source." This use of the term "open source" to describe something under a license that's not only unapproved by OSI but known to be subject to issues is unacceptable.Īt our meeting this week, members of OSI's board expressed deep concern that the project is behaving in this way. It has not been resubmitted to OSI for approval. Despite some changes since then, the license remains confusing, and to some commentators, it seems to have requirements incompatible with the OSD. That was probably done because experts examining the license considered it unlikely to gain approval and said as much to the OSI board. Though submitted to OSI for approval in 2006, it was withdrawn from consideration by TrueCrypt just before OSI would have ruled on the OSD compliance of the license. The license used by TrueCrypt is not OSI approved. The consensus in the open source community is that licenses that want to describe themselves as open source must be approved by the Open Source Initiative (OSI, of which I am currently president) as conformant with the Open Source Definition (OSD).
The project will also seek to devise release practices that give users confidence that the program they download has in fact been built from the audited source and not some modified version with secret backdoors.īeyond the integrity of the source code and the binary release, the copyright license used by TrueCrypt presents a serious issue.
TRUECRYPT NEWS FULL
This month a crowdfunded project to perform a professional audit of the code achieved full funding in a very short time. Without this, there are no grounds beyond its authors' claims to trust its effectiveness or integrity - in other words, who knows, it could have a "backdoor." This is a situation open source community members will no longer tolerate, especially given the consistent anonymity of the authors.įortunately, since the source code is publicly available, an audit is possible independent of the developers. The headline concern about TrueCrypt is that there's no published audit of the source code by known security experts.
In light of recent revelations about the actions of the NSA and other security agencies to compromise encryption software, concern about the integrity of security software can scarcely be considered paranoid.
0 kommentar(er)
