Debian Bug report logs - #413070
RFP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Jari Aalto <jari.aalto@cante.net>

Date: Fri, 2 Mar 2007 01:12:01 UTC

Severity: wishlist

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#413070; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Jari Aalto <jari.aalto@cante.net>:
New Bug report received and forwarded. Copy sent to <wnpp@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jari Aalto <jari.aalto@cante.net>
To: submit@bugs.debian.org
Subject: RFP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources
Date: Fri, 02 Mar 2007 03:09:58 +0200
Package: wnpp
Severity: wishlist

* Package name    : truecrypt-installer
  Version         : 20070302
  Upstream Author : Name <somebody@example.org>
* URL             : http://cante.net/"jaalto/tmp/debian/truecrypt
* License         : GPL
  Programming Lang: bourne-shell
  Description     : Make *.deb packages out of Truecrypt sources
  Depends         : debhelper (>= 5), devscripts, bzr (>= 0.11), wget

 The truecrypt Licence is not DFSG compliant and cannot therefore
 packaged directly. This is "wrapper" package which provides
 commands:
 
   truecrypt-download
   truecrypt-dpkg
 
 The first command downloads the canonical source. The second one
 assembles proper debian/ build structure and initiates the debuild(1)
 process un the source directory. The result is ready to be installed
 *.deb packages. The build & install process must be repeated for every
 kernel upgrade for the needed *.ko modules.
 
 Note that the linux-source-* and linux-kbuild-* packages need to be
 installed manually to match running kernel.
 




Changed Bug title. Request was from Jari Aalto <jari.aalto@cante.net> to control@bugs.debian.org. Full text and rfc822 format available.

Owner recorded as Jari Aalto <jari.aalto@cante.net>. Request was from Jari Aalto <jari.aalto@cante.net> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>:
Bug#413070; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Didier Raboud <didier@raboud.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>. Full text and rfc822 format available.

Message #14 received at 413070@bugs.debian.org (full text, mbox):

From: Didier Raboud <didier@raboud.com>
To: 413070@bugs.debian.org
Cc: Jari Aalto <jari.aalto@cante.net>
Subject: Re: RFP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources
Date: Thu, 14 Feb 2008 15:41:48 +0100
[Message part 1 (text/plain, inline)]
Le vendredi, 2 mars 2007 02.09:58 Jari Aalto, vous avez écrit :
> Package: wnpp
> Severity: wishlist
>
> * Package name    : truecrypt-installer
>   Version         : 20070302
>   Upstream Author : Name <somebody@example.org>
> * URL             : http://cante.net/"jaalto/tmp/debian/truecrypt
> * License         : GPL
>   Programming Lang: bourne-shell
>   Description     : Make *.deb packages out of Truecrypt sources
>   Depends         : debhelper (>= 5), devscripts, bzr (>= 0.11), wget
> (...)

Hi, I would suggest you to take a look on this more recent project :

https://launchpad.net/truecrypt-installer

I have no idea about its cross-plateform'ability (I would take it for 
amd64...) but it is certainly worth a try !

Regards,

Didier

-- 
Didier Raboud
Cornalles 2
1802 Corseaux
didier@raboud.com
079 480 67 82
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#413070; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Jari Aalto <jari.aalto@cante.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. Full text and rfc822 format available.

Message #19 received at 413070@bugs.debian.org (full text, mbox):

From: Jari Aalto <jari.aalto@cante.net>
To: Didier Raboud <didier@raboud.com>
Cc: 413070@bugs.debian.org
Subject: Re: RFP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources
Date: Fri, 15 Feb 2008 13:25:59 +0200
* Thu 2008-02-14 Didier Raboud <didier@raboud.com> INBOX
> Le vendredi, 2 mars 2007 02.09:58 Jari Aalto, vous avez écrit :
>
>> Package: wnpp
>> Severity: wishlist
>>
>> * Package name    : truecrypt-installer
>>   Version         : 20070302
>>   Upstream Author : Name <somebody@example.org>
>> * URL             : http://cante.net/"jaalto/tmp/debian/truecrypt
>> * License         : GPL
>>   Programming Lang: bourne-shell
>>   Description     : Make *.deb packages out of Truecrypt sources
>>   Depends         : debhelper (>= 5), devscripts, bzr (>= 0.11), wget
>> (...)
>
> Hi, I would suggest you to take a look on this more recent project :
>
> https://launchpad.net/truecrypt-installer
>
> I have no idea about its cross-plateform'ability (I would take it for 
> amd64...) but it is certainly worth a try !

Thanks,

Btw. I'm the owner of the WNPP/RFP and the lead developer of the
launchpad project as well :-).

Needs sposor. The Debs are at

  https://code.launchpad.net/truecrypt-installer/trunk
  => Look into latest version

Jari

-- 
Welcome to FOSS revolution: we fix and modify until it shines




Message sent on to Jari Aalto <jari.aalto@cante.net>:
Bug#413070. Full text and rfc822 format available.

Message #22 received at 413070-submitter@bugs.debian.org (full text, mbox):

From: "Jose Carlos Garcia Sogo" <jose@tribulaciones.org>
To: 413070-submitter@bugs.debian.org
Subject: truecrypt-installer
Date: Sun, 2 Mar 2008 01:28:01 +0100
[Message part 1 (text/plain, inline)]
Hi,

I can sponsor that package, but I am not sure how bzr branchs works, so I
think I am getting latest version instead of a released one.
Can you tell me how should I get a released version (both source and
debian/)

Cheers

-- 
José Carlos García Sogo
 jsogo@debian.org
[Message part 2 (text/html, inline)]

Information stored:
Bug#413070; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Jari Aalto <jari.aalto@cante.net>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #27 received at 413070-quiet@bugs.debian.org (full text, mbox):

From: Jari Aalto <jari.aalto@cante.net>
To: "Jose Carlos Garcia Sogo" <jose@tribulaciones.org>
Cc: 413070-quiet@bugs.debian.org
Subject: Re: Bug#413070: truecrypt-installer
Date: Sun, 02 Mar 2008 18:21:23 +0200
* Sun 2008-03-02 Jose Carlos Garcia Sogo <jose@tribulaciones.org> INBOX
> Hi,
>
> I can sponsor that package, but I am not sure how bzr branchs works, so I
> think I am getting latest version instead of a released one.

Thank you. I've released new *.deb available at:

dget -x http://cante.net/~jaalto/tmp/debian/truecrypt-installer/truecrypt-installer_20080302-1.dsc

> Can you tell me how should I get a released version (both source and
> debian/)

If you want to work with version control sources, the development is
divided into two branches:

    trunk       => truecrypt-{download,dpkg} + manual pages
    debian      => the debian build structure dir

The above *.deb is assembled from these two.

    https://code.launchpad.net/~jari-aalto/truecrypt-installer/debian
    https://code.launchpad.net/~jari-aalto/truecrypt-installer/trunk

Jari

-- 
Welcome to FOSS revolution: we fix and modify until it shines




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>:
Bug#413070; Package wnpp. (Thu, 25 Sep 2008 09:24:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Philipp Hübner <debalance@arcor.de>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>. (Thu, 25 Sep 2008 09:24:02 GMT) Full text and rfc822 format available.

Message #32 received at 413070@bugs.debian.org (full text, mbox):

From: Philipp Hübner <debalance@arcor.de>
To: 413070@bugs.debian.org
Subject: truecrypt-installer
Date: Thu, 25 Sep 2008 11:20:33 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

what is the latest status of this package?

Regards,
- --
 .''`.   Philipp Hübner <debalance@arcor.de>
: :'  :
`. `'`
  `-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjbV+EACgkQFhl05MJZ4Ojk1QCbBhQOw1tPkyZcuYiBrCCFR4ON
0qwAn1PB0n+6/oTsWDHuYmuv5s8LPPq5
=rQeh
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#413070; Package wnpp. (Thu, 25 Sep 2008 13:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jari Aalto <jari.aalto@cante.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. (Thu, 25 Sep 2008 13:03:02 GMT) Full text and rfc822 format available.

Message #37 received at 413070@bugs.debian.org (full text, mbox):

From: Jari Aalto <jari.aalto@cante.net>
To: Philipp Hübner <debalance@arcor.de>
Cc: 413070@bugs.debian.org
Subject: Re: Bug#413070: truecrypt-installer
Date: Thu, 25 Sep 2008 16:00:38 +0300
Philipp Hübner <debalance@arcor.de> writes:

> Hello,
>
> what is the latest status of this package?

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413070

Needs sponsor. The latest *.deb it at:

     https://launchpad.net/truecrypt-installer/+download

Packaged according to latest Debian policy version (current 3.8.0). We
can manually close ITP, when package is sponsored.

Jari




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>:
Bug#413070; Package wnpp. (Thu, 25 Sep 2008 18:18:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Philipp Hübner <debalance@arcor.de>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>. (Thu, 25 Sep 2008 18:18:06 GMT) Full text and rfc822 format available.

Message #42 received at 413070@bugs.debian.org (full text, mbox):

From: Philipp Hübner <debalance@arcor.de>
To: Jari Aalto <jari.aalto@cante.net>
Cc: Philipp Hübner <debalance@arcor.de>, 413070@bugs.debian.org
Subject: Re: Bug#413070: truecrypt-installer
Date: Thu, 25 Sep 2008 20:14:04 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jari Aalto schrieb:
> Philipp Hübner <debalance@arcor.de> writes:
>> what is the latest status of this package?
> Needs sponsor. The latest *.deb it at:
> 
>      https://launchpad.net/truecrypt-installer/+download
> 
> Packaged according to latest Debian policy version (current 3.8.0). We
> can manually close ITP, when package is sponsored.

You could add a "Closes: " to get this done automatically.
For sponsoring you should send a request to
debian-mentors@lists.debian.org and not wait until somebody sees this
bugreport.

I've tested the package and it buils truecrypt 4.3a which needs
kernel-modules.

The newest version of truecrypt is 6.0a which uses fuse and runs
completely in userspace.

What about this? I'd imagine that users would prefer the up2date version.

Kind regards,
- --
 .''`.   Philipp Hübner <debalance@arcor.de>
: :'  :  http://qa.debian.org/developer.php?login=debalance%40arcor.de
`. `'`
  `-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjb1OwACgkQFhl05MJZ4Oh8uACfek/TrD4J1Fd5trPv5wG9eEUs
i7kAoLBWIKNx4zJPJ2p7OF52pdJr2BTe
=SCGH
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>:
Bug#413070; Package wnpp. (Sat, 05 Sep 2009 23:18:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>. (Sat, 05 Sep 2009 23:18:02 GMT) Full text and rfc822 format available.

Message #47 received at 413070@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
To: 413070@bugs.debian.org
Subject: notes on security
Date: Sun, 06 Sep 2009 01:12:55 +0200
Hi.

May I suggest in advance:

If you download stuff from the web (e.g. the truecrypt sources) that  
get somhow installed,.. you really should add some hashsums checking  
(SHA512) and abort package installation (or creation) if the sums  
don't match with the ones shipped with your package (and probably warn  
the user about a potential security incident).

Best wishes,
Chris

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.





Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#413070; Package wnpp. (Sun, 06 Sep 2009 07:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jari Aalto <jari.aalto@cante.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. (Sun, 06 Sep 2009 07:18:03 GMT) Full text and rfc822 format available.

Message #52 received at 413070@bugs.debian.org (full text, mbox):

From: Jari Aalto <jari.aalto@cante.net>
To: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
Cc: 413070@bugs.debian.org
Subject: Re: Bug#413070: notes on security
Date: Sun, 06 Sep 2009 10:06:59 +0300
> Philipp Hübner <debalance@arcor.de> writes:
>The newest version of truecrypt is 6.0a which uses fuse and runs
>completely in userspace.
>
>What about this? I'd imagine that users would prefer the up2date version.

- 4.3 is stable and has no problems (5.x and 6.x there are multiple
  reports)
- 4.3 is faster and more CPU friendly than later ones.
- 4.3 has license that can be used. Later ones have completely changed
  the licensing.
- Later version are complete rewrites - There is no upgrade path from
  4.x - 5.x - 6. x - or any later version possible.

I welcome someone to try to make an "installer" for later versions.

Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de> writes:
> If you download stuff from the web (e.g. the truecrypt sources) that  get
> somhow installed,.. you really should add some hashsums checking  (SHA512)
> and abort package installation (or creation) if the sums  don't match with
> the ones shipped with your package (and probably warn  the user about a
> potential security incident).

I think you refer to tar.gz etc. sources that are available from Web
pages. In this case the sources are fetched from Bazaar version control
repository hosted by launchpad.net. The repository's integrity isn't
compromized while the cloning, the download, happends.

If you have more information about bzr version control repository
breaches or their lack of security, please let me know.

Jari




Changed Bug title to 'ITP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources' from 'ITP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources) #null' Request was from Jari Aalto <jari.aalto@cante.net> to control@bugs.debian.org. (Sun, 06 Sep 2009 07:54:10 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>:
Bug#413070; Package wnpp. (Sun, 06 Sep 2009 12:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Jari Aalto <jari.aalto@cante.net>. (Sun, 06 Sep 2009 12:15:03 GMT) Full text and rfc822 format available.

Message #59 received at 413070@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
To: Jari Aalto <jari.aalto@cante.net>
Cc: 413070@bugs.debian.org
Subject: Re: Bug#413070: notes on security
Date: Sun, 06 Sep 2009 14:06:01 +0200
Quoting Jari Aalto <jari.aalto@cante.net>:
> I think you refer to tar.gz etc. sources that are available from Web
> pages. In this case the sources are fetched from Bazaar version control
> repository hosted by launchpad.net. The repository's integrity isn't
> compromized while the cloning, the download, happends.
>
> If you have more information about bzr version control repository
> breaches or their lack of security, please let me know.
Not sure how the source for the code would improve security?
I mean regardless of whether you download a tgz or something from  
VCS,... this means, that without additional checking, installation of  
a debian package introduces unverified code, or not?

Chris.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.





Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#413070; Package wnpp. (Sun, 06 Sep 2009 16:57:16 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jari Aalto <jari.aalto@cante.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. (Sun, 06 Sep 2009 16:57:16 GMT) Full text and rfc822 format available.

Message #64 received at 413070@bugs.debian.org (full text, mbox):

From: Jari Aalto <jari.aalto@cante.net>
To: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
Cc: 413070@bugs.debian.org
Subject: Re: Bug#413070: notes on security
Date: Sun, 06 Sep 2009 19:42:15 +0300
Christoph Anton Mitterer
<christoph.anton.mitterer@physik.uni-muenchen.de> writes:
>> ... sources are fetched from Bazaar version control
>> repository hosted by launchpad.net. The repository's integrity isn't
>> compromized while the cloning, the download, happends.
>
> I mean regardless of whether you download a tgz or something from  VCS,...
> this means, that without additional checking, installation of a debian
> package introduces unverified code, or not?

Does any of these answer the concerns?

1. Originality of the 4.3a sources?

   They are the same on disk as they are at the launchpad.net bzr
   repository (the cloning process; repository download, is in itself a
   "verification process"). This is different from the possibliity to
   grab tar.gz files from hosts all over the world (mirrors). There you
   need *.gpg signature files to verify integrity.

   The 4.3a sources itself are open for review.

2. tc-installer and patches?

   The process applies patches to support later kernels.

   The patches are protected by GPG signature of the whole
   tc-install*.deb package; inside which they are.

3. Produced *.deb packages that the installer produces?

   The produced truecrypt *.deb packages are made by the standard Debian
   packaging commands. They are locally issued by the user who runs
   tc-dpkg(1) command.

   The build process runs Truecrypt selfcheck; to check the encryption
   algorithms.

   The security of the *.deb packages to enable Truecrypt is under his
   control.

Jari




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#413070; Package wnpp. (Sat, 19 Feb 2011 18:11:34 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lucas Nussbaum <lucas@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Jari Aalto <jari.aalto@cante.net>. (Sat, 19 Feb 2011 18:11:34 GMT) Full text and rfc822 format available.

Message #69 received at 413070@bugs.debian.org (full text, mbox):

From: Lucas Nussbaum <lucas@debian.org>
To: 413070@bugs.debian.org
Cc: control@bugs.debian.org
Subject: truecrypt-installer: changing back from ITP to RFP
Date: Sat, 19 Feb 2011 17:00:05 +0000
retitle 413070 RFP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources
noowner 413070
thanks

Hi,

This is an automatic email to change the status of truecrypt-installer back from ITP
(Intent to Package) to RFP (Request for Package), because this bug hasn't seen
any activity during the last 6 months.

If you are still interested in adopting truecrypt-installer, please send a mail to
<control@bugs.debian.org> with:

 retitle 413070 ITP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources
 owner 413070 !
 thanks

However, it is not recommended to keep ITP for a long time without acting on
the package, as it might cause other prospective maintainers to refrain from
packaging that software. It is also a good idea to document your progress on
this ITP from time to time, by mailing <413070@bugs.debian.org>.

Thank you for your interest in Debian,
-- 
Lucas, for the QA team <debian-qa@lists.debian.org>




Changed Bug title to 'RFP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources' from 'ITP: truecrypt-installer -- Make *.deb packages out of Truecrypt sources' Request was from Lucas Nussbaum <lucas@debian.org> to control@bugs.debian.org. (Sat, 19 Feb 2011 18:23:03 GMT) Full text and rfc822 format available.

Removed annotation that Bug was owned by Jari Aalto <jari.aalto@cante.net>. Request was from Lucas Nussbaum <lucas@debian.org> to control@bugs.debian.org. (Sat, 19 Feb 2011 18:23:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#413070; Package wnpp. (Sun, 13 Jan 2013 19:15:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to balint@balintreczey.hu:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Sun, 13 Jan 2013 19:15:05 GMT) Full text and rfc822 format available.

Message #78 received at 413070@bugs.debian.org (full text, mbox):

From: Bálint Réczey <balint@balintreczey.hu>
To: debian-legal@lists.debian.org
Cc: David Seaward <dseaward925@gmail.com>, 364034@bugs.debian.org, control <control@bugs.debian.org>, 413070@bugs.debian.org, Francis Russell <francis@unchartedbackwaters.co.uk>
Subject: Re: TrueCrypt license is now at v3.0
Date: Sun, 13 Jan 2013 20:13:06 +0100
retitle 364034 ITP: truecrypt -- cross-platform disk encryption
owner 364034 Balint Reczey <balint@balintreczey.hu>
thanks

Hi,

I would like help the package maintenance of truecrypt started by Russel [1]
and upload the package to non-free it if the revised (3.0) license allows that.

I think having the package in non-free would be better than having and installer
but I'm not 100% sure if the new license allows even that.

To my understanding the previous (2.x) license has already been discussed [2]
on debian-legal and found to be not clear enough and definitely not DFSG-free.

I'm hereby seeking debian-legal's advice to decide whether the new
license allows
truecrypt to be uploaded to non-free.

Thanks,
Balint


On 10/12/2011 09:15 AM, David Seaward wrote:

I have been following this issue downstream at
https://bugs.launchpad.net/ubuntu/+bug/109701

Relevant comments:

 * The TrueCrypt license is now at v3.0 - afaik an update since the
last evaluation - http://www.truecrypt.org/legal/license - is this now
acceptable?

 * It appears likely that TrueCrypt would only be suitable for
multiverse, not universe, and would require re-branding similar to
what was done with IceWeasel in Debian, but I think it can be included
now... If not, please contact upstream at licensing@truecrypt.org
about any remaining concerns.

[1] http://www.unchartedbackwaters.co.uk/pyblosxom/static/truecrypt_debian_packaging
[2] http://lists.debian.org/debian-legal/2006/06/msg00294.html



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#413070; Package wnpp. (Sun, 17 Nov 2013 16:00:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Balint Reczey <balint@balintreczey.hu>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Sun, 17 Nov 2013 16:00:07 GMT) Full text and rfc822 format available.

Message #83 received at 413070@bugs.debian.org (full text, mbox):

From: Balint Reczey <balint@balintreczey.hu>
To: balint@balintreczey.hu
Cc: debian-legal@lists.debian.org, David Seaward <dseaward925@gmail.com>, 364034@bugs.debian.org, control <control@bugs.debian.org>, 413070@bugs.debian.org, Francis Russell <francis@unchartedbackwaters.co.uk>
Subject: Re: Re: TrueCrypt license is now at v3.0
Date: Sun, 17 Nov 2013 16:59:58 +0100
[Message part 1 (text/plain, inline)]
retitle 364034 RFP: truecrypt -- cross-platform disk encryption
noowner 364034
thanks

The current license of TrueCrypt seems to be even worse. There may be
some improvements in the future [3], but I don't plan working on
TrueCrypt until the license question is resolved.

Thanks,
Balint

[3]
http://threatpost.com/audit-aims-to-put-concerns-over-dubious-truecrypt-license-to-rest

On 01/13/2013 08:13 PM, Bálint Réczey wrote:
> retitle 364034 ITP: truecrypt -- cross-platform disk encryption
> owner 364034 Balint Reczey <balint@balintreczey.hu>
> thanks
> 
> Hi,
> 
> I would like help the package maintenance of truecrypt started by Russel [1]
> and upload the package to non-free it if the revised (3.0) license allows that.
> 
> I think having the package in non-free would be better than having and installer
> but I'm not 100% sure if the new license allows even that.
> 
> To my understanding the previous (2.x) license has already been discussed [2]
> on debian-legal and found to be not clear enough and definitely not DFSG-free.
> 
> I'm hereby seeking debian-legal's advice to decide whether the new
> license allows
> truecrypt to be uploaded to non-free.
> 
> Thanks,
> Balint
> 
> 
> On 10/12/2011 09:15 AM, David Seaward wrote:
> 
> I have been following this issue downstream at
> https://bugs.launchpad.net/ubuntu/+bug/109701
> 
> Relevant comments:
> 
>  * The TrueCrypt license is now at v3.0 - afaik an update since the
> last evaluation - http://www.truecrypt.org/legal/license - is this now
> acceptable?
> 
>  * It appears likely that TrueCrypt would only be suitable for
> multiverse, not universe, and would require re-branding similar to
> what was done with IceWeasel in Debian, but I think it can be included
> now... If not, please contact upstream at licensing@truecrypt.org
> about any remaining concerns.
> 
> [1] http://www.unchartedbackwaters.co.uk/pyblosxom/static/truecrypt_debian_packaging
> [2] http://lists.debian.org/debian-legal/2006/06/msg00294.html
> 
> 
> 


[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#413070; Package wnpp. (Mon, 18 Nov 2013 09:03:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christophe-Marie Duquesne <chmd@chmd.fr>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Mon, 18 Nov 2013 09:03:12 GMT) Full text and rfc822 format available.

Message #88 received at 413070@bugs.debian.org (full text, mbox):

From: Christophe-Marie Duquesne <chmd@chmd.fr>
To: Balint Reczey <balint@balintreczey.hu>
Cc: Debian-legal <debian-legal@lists.debian.org>, David Seaward <dseaward925@gmail.com>, 364034@bugs.debian.org, control <control@bugs.debian.org>, 413070@bugs.debian.org, Francis Russell <francis@unchartedbackwaters.co.uk>
Subject: Re: Re: TrueCrypt license is now at v3.0
Date: Mon, 18 Nov 2013 10:00:46 +0100
Not sure if that helps, but there is now tcplay, a new truecrypt
implementation [1]. It is licensed under a 2-clause BSD license. It is
supposed to be fully compatible with truecrypt, and so far I heard [2]
that it is pretty stable. See the archlinux wiki page [3] for the
manual. Maybe you could consider packaging this one instead?

[1]: https://github.com/bwalex/tc-play
[2]: http://jasonwryan.com/blog/2013/01/10/truecrypt/
[3]: https://wiki.archlinux.org/index.php/Tcplay



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#413070; Package wnpp. (Mon, 18 Nov 2013 10:42:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to balint@balintreczey.hu:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Mon, 18 Nov 2013 10:42:08 GMT) Full text and rfc822 format available.

Message #93 received at 413070@bugs.debian.org (full text, mbox):

From: Bálint Réczey <balint@balintreczey.hu>
To: Christophe-Marie Duquesne <chmd@chmd.fr>
Cc: Debian-legal <debian-legal@lists.debian.org>, David Seaward <dseaward925@gmail.com>, 364034@bugs.debian.org, control <control@bugs.debian.org>, 413070@bugs.debian.org, Francis Russell <francis@unchartedbackwaters.co.uk>
Subject: Re: Re: TrueCrypt license is now at v3.0
Date: Mon, 18 Nov 2013 11:38:53 +0100
Hi Cristhophe-Marie,

2013/11/18 Christophe-Marie Duquesne <chmd@chmd.fr>:
> Not sure if that helps, but there is now tcplay, a new truecrypt
> implementation [1]. It is licensed under a 2-clause BSD license. It is
> supposed to be fully compatible with truecrypt, and so far I heard [2]
> that it is pretty stable. See the archlinux wiki page [3] for the
> manual. Maybe you could consider packaging this one instead?
I was not aware of that implementation and thanks to your suggestion
I was about to check it, but fortunately it has already been packaged
by GCS [4].

Cheeers,
Balint

[4] http://packages.qa.debian.org/t/tcplay.html

>
> [1]: https://github.com/bwalex/tc-play
> [2]: http://jasonwryan.com/blog/2013/01/10/truecrypt/
> [3]: https://wiki.archlinux.org/index.php/Tcplay



Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 03:42:37 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.