[ciphershed] Re: Signed System Driver

  • From: Stephen R Guglielmo <srguglielmo@xxxxxxxxx>
  • To: ciphershed@xxxxxxxxxxxxx
  • Date: Sat, 14 Jun 2014 13:05:34 -0400

On Sat, Jun 14, 2014 at 12:40 PM, JB <afrotrap@xxxxxxxxx> wrote:
> On Sat, 14 Jun 2014 11:44:28 -0400
> "Alain Forget" <aforget@xxxxxxx> wrote:
>
>> Sounds reasonable to me, although I know nothing about how to set that up, or
>> any other legal stuff. However, signing certs aside, we'll have to deliver 
>> the
>> software with the appropriate EULA saying that we bare no responsibility for
>> any consequences of using the software and blah blah (which maybe TrueCrypt
>> already did?), so that if we do mess up and release broken/malicious software
>> by accident, we (as members of the organisation) shouldn't suffer legal
>> consequences. However, our reputation would of course suffer...so let's 
>> please
>> try not to let that happen. :-)
>>
>> Alain
>>
>
>   Why not a BSD/MIT style license, as is used in Slackware builds? Check it 
> out
>   here http://slackbuilds.org/templates/autotools-template.SlackBuild

We do plan on moving towards a BSD license in the future, but that can
only legally happen after we replace almost all the code entirely. The
current TrueCrypt license doesn't allow for it, so we have to remove
all code that the TrueCrypt license applies to prior to re-licensing.
That's probably a year+ down the road.

Alain, the current TrueCrypt license already has us covered:

Software distributed under this license is distributed on an "AS
IS" BASIS WITHOUT WARRANTIES OF ANY KIND. THE AUTHORS AND
DISTRIBUTORS OF THE SOFTWARE DISCLAIM ANY LIABILITY.

However, I'm not sure how that applies when money is involved (eg,
"buying a certificate"). I wonder if the EFF ever got back to Bill?

Other related posts: