[ciphershed] Re: TrueCrypt Author Claims That Forking Is Impossible http://it.slashdot.org/story/14/06/19/145219/truecrypt-author-claims-that-forking-is-impossible

  • From: "Jason Pyeron" <jpyeron@xxxxxxxx>
  • To: <ciphershed@xxxxxxxxxxxxx>
  • Date: Thu, 19 Jun 2014 12:45:45 -0400

> -----Original Message-----
> From: Stephen R Guglielmo
> Sent: Thursday, June 19, 2014 12:42
> 
> On Thu, Jun 19, 2014 at 12:32 PM, Alain Forget 
> <aforget@xxxxxxx> wrote:
> > Could anyone please enlighten me as to what possible reason 
> this original TrueCrypt developer feels a fork would be impossible?
> >
> > Please correct me if I'm wrong, but I'm pretty sure 
> VeraCrypt is a fork, and we are working on a fork, 
> so...either I'm missing some crucial point, am taking crazy 
> pills, or that original TrueCrypt developer has a very 
> questionable definition of "impossible".
> >
> > Alain
> >
> > -----Original Message-----
> > From: ciphershed-bounce@xxxxxxxxxxxxx 
> [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Pyeron
> > Sent: Thursday, June 19, 2014 12:23
> > To: ciphershed@xxxxxxxxxxxxx
> > Subject: [ciphershed] TrueCrypt Author Claims That Forking 
> Is Impossible 
> http://it.slashdot.org/story/14/06/19/145219/truecrypt-author-
> claims-that-forking-is-impossible
> >
> > From slashdot:
> >
> > 
> http://it.slashdot.org/story/14/06/19/145219/truecrypt-author-
> claims-that-forkin
> > g-is-impossible
> >
> > http://pastebin.com/RS0f8gwn
> >
> > On a request from Matthew Green to fork the TrueCrypt code, 
> the author answers
> > that this is impossible. He says that this might be no good 
> idea, because the
> > code needs a rewrite, but he allows to use the existing 
> code as a reference. "I
> > am sorry, but I think what you're asking for here is 
> impossible. I don't feel
> > that forking TrueCrypt would be a good idea, a complete 
> rewrite was something we
> > wanted to do for a while. I believe that starting from 
> scratch wouldn't require
> > much more work than actually learning and understanding all 
> of truecrypts
> > current codebase. I have no problem with the source code 
> being used as
> > reference."
> 
> Matthew Green is asking the TC guy to re-license the code and use the
> TrueCrypt trademark in a fork. I think that's what is referred to as
> "impossible," not a fork itself.
> 

Good read.


> As for a fork itself, the TC guy says he doesn't think it's a good
> idea. I think the reason is because they've wanted to do a complete
> rewrite for a while (implying the code architecture has some issues)
> and writing the code from scratch would be as much effort as learning
> the TC code (which is almost always true anyway). He states that using
> it as a reference is fine.
> 
> I've thought of starting an encryption project from scratch using
> wxWidgets and using the TC code as reference, as mentioned, as my own
> little personal project. Is this something we should bother looking
> at? Or maybe develop simultaneously as a TC branch?

To quote the http://pastebin.com/RS0f8gwn:

1.I am sorry, but I think what you're asking for here is impossible. I don't
feel that forking truecrypt would be a good idea, a complete rewrite was
something we wanted to do for a while. I believe that starting from scratch
wouldn't require much more work than actually learning and understanding all of
truecrypts current codebase.

2. 

3.I have no problem with the source code being used as reference.

4. 

5.______________________________________________________________

6.Original message:

7. 

8.Hi,

9.I hope you're well. I understand from seeing some previous emails that you
were one of the Truecrypt developers, and that you're no longer interested in
continuing work on the project. I understand and can sympathize with that.

10. 

11.For the past several months we've been (very slowly) auditing the TC code.
Now that you're no longer maintaining it, there seems to be a great deal of
interest in forking it. I think this interest has reached the point where a fork
is virtually inevitable. This makes me somewhat worried.

12. 

13.We think Truecrypt is an important project - no proprietary disk encryption
system offers cross-platform support and the same feature set. Moreover,
Truecrypt is unlikely to 'go away' just because the developers have abandoned
the project. In fact, it may become significantly less secure if it goes forward
as samizdat or as part of some unauthorized fork.

14. 

15.We'd like the project to continue, but in a responsible way. That means fully
auditing all of the crypto/container and bootloader code and (likely) replacing
much of it with fresh implementations. Even though this will require some
substantial re-development it still seems more practical than 
starting from scratch. The current plan is being led by a group of people who
have a great deal of experience with cryptography and the expertise to identify
flaws, but would prefer not to engineer from scratch.

16. 

17.The main concern we have right now is with the license structure and
trademarks associated with Truecrypt. Of course some will fork the reject
regardless of the legal issues, but this doesn't seem appropriate without clear
guidance. What we would like is permission to take at least portions of the
current codebase and fork it under a standard open source license (e.g.,
GPL/MIT/BSD). We would also like permission to use the Truecrypt trademark as
part of this effort. If that's not possible, we would accept a clear statement
that you would prefer the software not be renamed.

18. 

19.I realize this is a great deal to ask, but I would ask you to consider the
alternative. Without expert attention there's a high likelihood that TC 7.1a or
some future insecure fork will occupy the niche that a secure version of TC
could occupy. Giving your permission to undertake a responsible process of
forking and redevelopment would ensure that your work can go on, and that nobody
is at risk from using older software.

20. 

21.I appreciate any consideration you could give this note. Thank you,

22.Matt

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 


Other related posts: