Way to go! Comments below. On 6/12/2014 3:09 PM, Stephen R Guglielmo wrote: > I have TC compiling successfully on Windows. I'll get a binary up > soon. There are a bunch of prerequisites to get it working, some > freely available and some not. I was going to include everything I > could (the freely available/licensed) within our codebase for > ease-of-use. I was wondering if everyone else felt the same. > > My proposal: > -The original TrueCrypt 7.1a archives (the tar.gz and the .zip) are > located in `/OriginalSources/`. > -The truecrypt-hashes.asc file is also in there, along with a short > text file proving the verification. > -The three RSA PKS header files are in `/Pkcs11/` > -gzip.exe and dd.exe from the GnuWin32 project are included in `/GnuWin32/` Sounds good. Sort of like the TrueCrypt authors, RSA decided to roll-their-own license for the PKS head files. They forgot to mention that we are granted the right to redistribute derived works form their code, which is probably why most people make developers go download it themselves. It's no worse than the TrueCrypt 3.0 license. Clearly the authors intended for derived works to be shared... duh. So, I say go ahead and check them into our repo. We will need to put "derived from the RSA Security Inc. PKCS #11 * Cryptographic Token Interface (Cryptoki)" somewhere in either the about box or docs somewhere. For two major crypto effors (TrueCrypt and RSA), who clearly understand that roll-your-own crypto should only be done with intense review by experts, why did they think they did not need legal experts for writing licenses? It turns out that we are all stupid when it comes to what we don't know... > How does this sound for including this stuff in our distribution? Or > should we leave it for others to obtain? I like it. I'd say verify it the best you can and sign it in. > I'm writing Windows compilation instructions on the wiki. > > I wanted to included Microsoft Visual C++ 1.52c, however, I don't > think the license would allow it. I can't find details on the license > though (there's no LICENSE file in the zip). It's from 1993, so I > doubt Microsoft would pursue a lawsuit. However, I wouldn't want to > include anything questionable. Yeah... including Microsoft stuff tends to be a problem. Just put instructions on the wiki for finding and downloading the needed version. Bill