• [zen@freedbms.net: Veracrypt license - how to change it]

    From Zenaan Harkness@21:1/5 to Mihai Moldovan on Wed Aug 7 15:20:02 2019
    On Wed, Aug 07, 2019 at 12:23:37PM +0200, Mihai Moldovan wrote:
    * On 8/7/19 9:31 AM, Zenaan Harkness wrote:
    In the interests of having Veracrypt be distributable by Debian,
    all Veracrypt code must be licensed accordingly.

    This can be done by public notice (see below).

    Re-licensing can be a difficult, lengthy process and - as far as
    I've seen in the one case I observed and took part in (mpv's core re-licensing, which started in 2015 and is more or less done at the
    current time, but still not completely finished) - doesn't work the
    way you'd like to have it.

    Oh yes, as far as I've seen in the MAME case, yes it does.

    Doing so would be somewhat similar to how the MAME community caused
    their source code license to be changed from "problematic for Debian/
    the FSF etc" into something distributable by Debian etc (I think they
    went to GPL).

    Skimming over articles, this situation looks different. The MAME
    project didn't just inherit/fork code from another developer team,
    but was always headed by the MAME development team itself, with
    changing personnel. Crucially, the project lead that initiated the
    license change has already been head for 3 years at the time, so I
    figure he'd be part of the project to some degree/contributing to
    it for an even longer time already.

    As have the Veracrypt devs - they've been developing it for YEARS

    If anything, this example shows that re-licensing can be pretty
    easy IFF you control most code and contributors can be easily
    reached (they obviously have contacted contributors individually as
    well, not just issued this "public notice"), but even that process
    is dodgy as best, as it wasn't carried out in the public, as far as
    I can tell. There was no way to observe it.

    Your anecdote is appreciated.

    There are other anecdotes.

    And the question is what -can- work, and should we attempt to do that.

    Here's what the Veracrypt community would need to do:

    - make a public announcement that they will, after DURATION say 1
    year, change the license to all outstanding source code inherited
    from TrueCrypt, to be Apache/GPL/whatever

    ... and effectively ignore the original authors's copyright and original license.

    Only if those original authors say nothing - either they are not
    contactable, or they choose to remain anonymous and not contactable
    which is effectively the same thing.

    I was probably unclear in my original email - to the extent that they
    -are- in fact contactable, they certainly ought be contacted.

    - include in the announcement that any party objecting must contact
    the developers at BLAH (email list address, or list of developer
    email addresses)

    That's not the way this stuff works. You have to assume objection
    UNTIL given permission. I wonder if that would be a fitting
    metaphor: a burglar justifying his actions by giving the sleeping
    original occupants an ample amount of time, say, 10 minutes, to
    answer the question if they'd be okay with him taking valuables.
    Since they haven't responded, he assumed that it's fine to proceed.
    More tongue-in-cheek, naturally, but still somewhat fitting.

    I think I addressed this, but anyway, what you are saying is not
    legally sound - duty of care, public notice, and tacit consent, are
    actual legal, and legally binding concepts, whether or not you like

    The announcement needs to be published and made generally publicly available - e.g. at Slashdot, LWN, on the Veracrypt home page, etc.

    Ugh, I didn't yet know I have to check these outlets regularly. Now
    I'm terrified of having missed a lot of legal announcements for any
    project I ever contributed to!

    As long as your contact details are included with your contributions,
    then anyone giving such public notice, perhaps in a rarely visited
    corner of the web so as to not be noticed, and failing to properly
    attempt to contact you using the means of contact you have provided,
    would be seen by the community, and by the courts, as acting in bad
    faith (basically, failing to act pursuant to our duty of care to one

    On this basis, you have no need to live in terror - so go forth and
    be confident, and not afraid, that your copyright 'rights' shall in
    general be protected in this current modern Western world.

    Legally, this does a few things:

    - gives general public Notice (legal concept), that something will
    be done in the future, thus satisfying the general duty of care to
    the public that something will be done which may affect the
    interests of the public

    I don't think this concept can be applied in this case. It might be
    a fine in order to inform a mostly anonymous, but concerned mass,
    but the situation is different here.

    For instance, informing affected parties about upcoming communal
    changes via public announcements/notices in the town hall
    (including about their legal right to oppose the changes) is fine
    if the affected parties can not be easily identified.

    Which is the case with Truecrypt.

    Even if the administration had an up-to-date list of residents,
    other affected parties might exist that are not registered at that
    place, but, e.g. commuting.

    Come on! We're not talking putting up a poster at the New York town
    hall or some bullshit - this is about giving notice in a few
    prominent and relatively "attended by programmers and tech geeks"
    digital locations.

    On the other hand, this is not an acceptable procedure in legal
    proceedings that involve a set of known parties.


    In this case, they must be notified explicitly.


    We must do what must be done.

    But I think you misunderstand - or perhaps you are not familiar with
    the Truecrypt/ Veracrypt case - the old Truecrypt developers were
    intentionally relatively anonymous, and at this time uncontactable
    (IDK the exact reasons now, but that's the case).

    The issue I think is merely that those who -can- be contacted agree
    that the TC license is problematic, but that a proper history of who
    wrote what code is not known, and so the copyright is sort of a
    collective copyright, and certain of the programmers of that code are
    no longer contactable, and thus the conclusion "it's all too hard
    we're stuck with this problematic license forever".

    It's that conclusion which is the only problematic bit, and which is
    handled with the legal construct summarized as "public notice".

    This case is more alike the latter one.


    - parties who remain silent, are thereafter (after time period
    DURATION) "taken to have tacitly consented"

    During the mpv re-licensing, code written/modified by unreachable contributors was marked as not re-licensable and to be rewritten,
    which sounds like a much saner approach.

    Sounds like a daft approach.

    MPV folks created more work for themselves ENTIRELY unnecessarily so
    - or perhaps they simply were not aware of the construct of public
    notice and the consequent tacit consent -created- by that public

    Oh, that reminds me - another classic, widely used and therefore
    "presumably well known" form of public notice and consequent tacit
    consent, is the "land development notice" which you see particularly
    frequently in big cities, but also in the burbs by small developers
    or even by home owner-builders.

    The public notice is in all jurisdictions I am aware of in Australia
    (at the state, as well as the local council jurisdictions), a
    requirement in the various statute laws - which also specify the
    minimum time durations that such public notice MUST be given, PRIOR
    to the commencement of the building or development works...

    The public thereby is given notice, and once the required time period
    has elapsed, the tacit consent of the public and the neighbours to
    the property to be developed, is gained, and development/ building
    may proceed on the basis of that -tacit- consent.

    With the public put on notice, objections may also be filed with the
    local/city council, to the development, then, again prior to
    building works starting, those objections must be handled - and the
    council (or state government) has usually documented, sometimes in
    statute law, processes for the handling of such complaints.

    This is perhaps a reasonable analogy.

    The above is legally sufficient to make such a change, and the MAME community is at least one example where this legal technique of
    Public Notice has been used effectively.

    Again, I consider MAME's license change shady at best.

    OK. Your consideration is entirely different to mine - the MAME crew
    spent considerable -years- doing everything they could to contact
    everyone relevant, rewriting that which was objected to, and giving
    ample public notice of their intentions; in summary they:

    - handled themselves in dignity

    - abundantly handled their duty of care to the broader MAME
    community as well as the various copyright holders

    - effectively created the legal entitlement, sanction, and tacit
    consent for the remainder, to relicense MAME using a proper FLOSS

    Bloody well done!

    And done in dignity, and honourably!

    Any assertion that they acted dishonourably better be backed up with
    facts or it's nothing but a dishonourable and libelious smear.

    A contributor with considerable changes objecting to the change
    (even retrospectively, for instance because the whole "public
    notice" thing didn't reach him) might easily pull the project into interesting legal issues.

    It might. Or it might not. And the process the MAME folks followed
    may well provide them ample legal footing for a strong defence to any
    such legal action/ claim - I believe this to be the case in fact.

    Having no public record likely doesn't help the case, neither.

    Or it might help their case too - IDK.

    But if someone wishes to bring a claim against "the MAME community",
    they better be the ones bringing a clear and unambiguous record, and
    I have no doubt it will be handled both graciously and with dignity,
    and to the ultimate satisfaction of all concerned, as this is in
    keeping with the history of the MAME crew and how they handled their relicensing to date.

    If an objection -is- raised, and if the person objecting is an
    actual copyright holder of certain Truecrypt code, then that
    particular code can thereafter be rewritten. Other than this,
    objections are unlikely to be legally substantive and may well be
    able to be ignored. Notwithstanding, all objections should be
    responded to as to what position is being taken in relation to
    that objection (this is part of the duty of care to the general
    public/ others in our community).

    Careful, I very much misinterpreted that paragraph at first. My
    original reply would have said "Wait, I may misunderstand this
    paragraph, but it sounds like you're saying that code affected by
    direct objections *CAN*, but needs not, be rewritten later on and
    that any objections would have no legal binding whatsoever anyway
    and can be ignored?"

    <chagrin> Thanks, you're right - my wording was unclear. Thanks for
    pointing this out to anyone - it's very good to clarify such

    I assume that what you actually meant is that objections by
    non-contributors have no legal binding and can be ignored, which is
    true, but also a tautologism.

    Yes, and the point is that the legal construct of public notice is
    that by giving public notice, you give (a best effort at least) to
    provide every opportunity for those who might want to object, to so
    object (and to contact people who might want to object).

    In this way, we satisfy our duty of care to objectors - and in
    particular, to anyone who might have a (legally) valid objection,
    which is the thing you want to handle.

    The suggested approach sounds HIGHLY questionable to me. I
    personally fully support the intention, but strictly oppose the


    Anyway, ATEOTD, my intention was to somehow make contact with the
    Veracrypt developers - their intention and their will (at the moment)
    are the only wills which matter in this instance at this point in

    On the other hand, if they don't pick up this public notice + tacit
    consent ball and run with it, literally anyone who chooses, can do so ...

    Good luck ;)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Zenaan Harkness@21:1/5 to Giovanni Mascellani on Fri Aug 9 00:50:01 2019
    On Thu, Aug 08, 2019 at 09:54:05PM +0200, Giovanni Mascellani wrote:
    Il 07/08/19 14:29, Zenaan Harkness ha scritto:

    Corporations use tacit consent regularly too - Uber gets going in a
    new city, and they assume the right to operate in the face of the
    existing laws about Taxi cabs etc, and build they user base quickly
    enough that by the time any court case gets going, they can have
    financial, legal and government clout to get the laws changed - but
    until that change happens, they operate under TACIT CONSENT - tacit
    consent of the people, and tacit consent of the government.

    There is no law saying that you cannot operate cabs.

    Pure hogwash. And a negative averment seeking "tacit support by non
    response" to boot - devious I tell ya, devious! :)

    The things people believe, hey?

    Since you asserted some nonsense, here's some facts in response:

    Melbourne levels playing field for Uber, taxis, limos

    Published 4:40 p.m. ET Nov. 12, 2015

    MELBOURNE — Rather than changing with the times, Melbourne's
    licensed taxi, limousine and shuttle companies are relying on
    government to keep regulatory barriers high and protect their
    businesses from app-based competitors like Uber, Lyft and Sidecar,
    City Hall officials believe.

    That will change: Tuesday night, the Melbourne City Council decided
    to deregulate the vehicle-per-hire industry in the city and "level
    the playing field."

    ... City Council postponed discussion on the topic in August.
    That's when representatives of some of Melbourne’s 43 licensed
    taxi, limousine and shuttle companies — plus the Florida Taxicab
    Association and National Limousine Association — lobbied for
    continued regulations.


    and see:

    Facing Uber, Melbourne cab companies support regulations

    MELBOURNE – City leaders have hit the brake pedal on a proposal to
    deregulate Melbourne’s 43 licensed taxi, limousine and shuttle

    Tuesday, an array of Space Coast cab and limo company owners
    surprised Melbourne City Council members by asking to continue
    following City Hall rules.

    App-based competitors like Uber, Lyft and Sidecar are exempt from
    city code. But Louie Minardi, president of the Florida Taxicab
    Association, and David Shaw, the National Limousine Association’s
    Southeast region director, said their industry should continue
    having insurance-coverage requirements, vehicle inspections, drug
    testing and criminal background checks for drivers.

    “Even the National Coalition Against Domestic Violence has issued
    warnings about the ride-sharing,” Minardi told council members.
    “Ride-sharing is where the taxis and limos were years ago. That’s
    why we have regulation — because we had the same problems. You
    don’t know who’s driving the car.


    and, for the legal punch line, how Uber created their legal
    entitlement by effectively saying "f u" to Melbourne's Taxi

    Citing Uber, Melbourne may drop taxi permits

    Citing competition from Uber and up-and-coming ride-sharing
    services, Melbourne officials may deregulate taxi, shuttle and
    limousine companies to level the competitive playing field.

    Forty-three such companies are licensed to operate in Melbourne,
    employing 457 permitted drivers and using 131 decal-equipped
    vehicles. Per city code, these companies must pay a one-time $50
    application, pay $10 decal fees per vehicle, and pay a $15
    application fee and $24 background-check fee for each prospective

    Plus, each regulated business must carry liability insurance
    covering at least $300,000 for injury and death claims per

    In contrast, no app-based newcomers like Uber, Lyft or Sidecar have
    gone through the city's application process, City Clerk Cathy Wysor
    and Police Chief Steve Mimbs — who support taxi deregulation —
    wrote in a joint memo.


    and if you still don't believe there are laws over taxi cabs:


    Taxis in Australia are highly regulated by each Australian state
    and territory,[1] with each state and territory having its own
    history and structure. In December 2014, there were 21,344 taxis in
    Australia.[2] Taxis in Australia are required to be licensed and
    are typically required to operate and charge on a fitted taximeter.
    Taxi fare rates are set by state or territory governments. A
    vehicle without a meter is generally not considered to be a taxi,
    and may be described, for example, as a hire car, limousine,
    carpool, etc. Most taxis today are fuelled by liquid petroleum gas.
    Cabcharge Australia owns and operates the Cabcharge payment system,
    which claims to cover about 97% of taxis in Australia, and operates
    one of Australia's largest taxi networks.[3]


    Actually, there is
    something like this somewhere, and in those places Uber cannot operate.
    But this has nothing to do with our case, because in fact there is a law saying that you cannot modify or redistributed other people's
    copyrighted code unless you have explicit permission.

    Just because we are normally not taught about tacit consent, does not
    mean that tacit consent does not exist, or is not used on a daily
    basis all over the planet.

    Yes, but for other things.

    HTH, Giovanni.

    Well, you provided a classic negative averment - another legal
    technique - when you said:

    "There is no law saying that you cannot operate cabs."

    and then waited to see whether I would fail to respond, in which case
    it would "be taken" that I had tacitly consented to your rubbish.

    Now you are in a position where you can accept this, or change the
    playing field by saying something like "oh I didn't say there were no
    laws in relation to driving cars for payment, of course there are
    regulations which normal car drivers don't have to obey",

    and then I would say "now you're dodging, and besides, Uber didn't
    break any law, they simply did not obey the city regulations, which
    are sort of laws but sort of not,"

    and I would say "come on, you're splitting hairs - you made it sound
    like Uber was not creating a legal entitlement to do what they did,
    by simply doing it and ignoring the currently legal regulatory

    and who knows, may be someone somewhere will realise that yes, there
    are laws around taxi cabs, limousines etc, and yes, Uber bloody well
    ignored them and DID in fact create their own legal entitlement by
    doing so (by tacit consent and force of numbers of drivers which they
    built up quickly enough to have a real "political conversation" in
    each jurisdiction they began operating in without having to face
    costly (financially crippling) court cases before they were ready.

    Anyway, folks don't have to believe in tacit consent for it to be
    real - ostrich syndrome is pretty big here in Australi, so those who
    do ignore those techniques which are used against them are no
    different to the vast majority of other humans.

    Good luck,

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)