Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] TrueCrypt Alternatives?

Greg greg at kinostudios.com
Fri Oct 3 12:33:29 PDT 2014


Dear Jonathan,

On Oct 3, 2014, at 11:41 AM, Jonathan Wilkes <jancsika at yahoo.com> wrote:
> You could also do a 3-clause BSD license for the library (i.e., business logic), then separate out the GUI part and put whatever license you want on the bundle.  You could even do deterministic builds of the library so that anyone can check the library inside the bundle against what they themselves can compile.  That's not ideal, but it's certainly better than restricting access to the entire source.  (And of course if you want to continue to do restricted access to the GUI code, that'd be even better.)


Thank you for that interesting idea!

We actually do open source some of Espionage's code under liberal licenses. All of the following is used by Espionage:

- https://github.com/taoeffect/TESetupAssistant
- https://github.com/taoeffect/TERecord
- https://github.com/taoeffect/TECommon

Then there's scrypt:

- https://www.tarsnap.com/scrypt.html

As far as making a library, that actually is something we could do. The crypto "meat" of Espionage (if you ignore Apple's closed source disk images) is actually the deniability part, the way we encrypt and store several different Folder Sets in the "database" (which contain the passwords to individual disk images).

We could open source that part, but we still cannot open source the disk image code (since we don't have access to it). So I am unsure whether it would make much of a difference to say, convince Steve Weis to recommend it.

I'm curious actually, Steve, would you recommend Espionage if we open sourced the part of it that I mention above? And if so, how is that not hypocrisy?

Thanks again Jonathan for the suggestion. I'd love to hear what you think about the above. Perhaps it might make sense to do this once we find a replacement for the sparsebundles?

Kind regards,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.


> On 10/03/2014 12:57 PM, Greg wrote:
>> Dear Natanael,
>> 
>>> Call up Red Hat and ask them about how they manage their open source
>>> Linux distribution.
>> 
>> Oh, I am very familiar with the Red Hat model, and I respect it greatly, and am in fact pursuing something similar.
>> 
>> Red Hat works because it is complicated, technical infrastructure software that requires a great deal of support, custom solutions, etc.
>> 
>> That is not the market Espionage finds itself in, and so I cannot use their business model for it.
> 
> You could also do a 3-clause BSD license for the library (i.e., business logic), then separate out the GUI part and put whatever license you want on the bundle.  You could even do deterministic builds of the library so that anyone can check the library inside the bundle against what they themselves can compile.  That's not ideal, but it's certainly better than restricting access to the entire source.  (And of course if you want to continue to do restricted access to the GUI code, that'd be even better.)
> 
> What's more, any free software ideologue has the ability to try their hand at making an alternative GUI that's more user-friendly than the one you get paid directly by users to produce.  (Though judging from the history and ethos of free software usability I'd say that's quite unlikely to happen.)
> 
> -Jonathan
> 
>> 
>> Kind regards,
>> Greg Slepak
>> 
>> --
>> Please do not email me anything that you are not comfortable also sharing with the NSA.
>> 
>> On Oct 2, 2014, at 10:44 PM, Natanael <natanael.l at gmail.com> wrote:
>> 
>>> On Fri, Oct 3, 2014 at 2:50 AM, Greg <greg at kinostudios.com> wrote:
>>> 
>>>> Also, you convince me how to keep providing high quality software and
>>>> support while simultaneously making Espionage completely free and open
>>>> source and I will do it in a flash.
>>> 
>>> Call up Red Hat and ask them about how they manage their open source
>>> Linux distribution.
>>> --
>>> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
>> 
>> 
>> 
> 
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141003/214c6eec/attachment.html>


More information about the liberationtech mailing list