June 22, 2014
 

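Professor Matthew Green of Johns Hopkins University wrote to one of the TrueCrypt developers to ask whether a fork would be feasible. The developer replied briefly that creating a fork is impossible. He said that forking is not a good idea because TrueCrypt's code needs to be rewritten, and that they had wanted to rewrite it all along. In his view, writing an encryption program from scratch would take no longer than learning and understanding the existing TrueCrypt codebase. He said there would be no problem with using TrueCrypt's source code as a reference.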
==================
Below are the emails between Matthew and this developer (and my translation); English source: http://pastebin.com/RS0f8gwn
====The developer's reply====
I am sorry, but I think what you’re asking for here is impossible. I don’t feel that forking truecrypt would be a good idea, a complete rewrite was something we wanted to do for a while. I believe that starting from scratch wouldn’t require much more work than actually learning and understanding all of truecrypt’s current codebase.

I have no problem with the source code being used as reference.

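I'm sorry, but I think the fork you are talking about is not possible at present. I don't think forking the truecrypt project is a good idea; the idea of rewriting truecrypt's code from scratch has been in our minds for a while. I think the work needed for a rewrite from scratch would not be more than that of learning and understanding all of truecrypt's existing code.

If the truecrypt source code is used as a development reference, I don't see any problem with that.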

====Matthew's email====

Hi,
I hope you’re well. I understand from seeing some previous emails that you were one of the Truecrypt developers, and that you’re no longer interested in continuing work on the project. I understand and can sympathize with that.
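Hi, first of all I hope you are doing well. I learned from some earlier emails that you are one of the developers of the truecrypt project, and that you no longer have any interest in continuing its development. Given the current state of the truecrypt project, I can understand that and feel the same way.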

For the past several months we’ve been (very slowly) auditing the TC code. Now that you’re no longer maintaining it, there seems to be a great deal of interest in forking it. I think this interest has reached the point where a fork is virtually inevitable. This makes me somewhat worried.
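Over the past few months we have started (very slowly) to review truecrypt's source code. Now that you no longer maintain it, being able to fork it is something people are very interested in. In fact, this interest has risen to a tipping point where it cannot be avoided, which actually makes me somewhat worried.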

We think Truecrypt is an important project — no proprietary disk encryption system offers cross-platform support and the same feature set. Moreover, Truecrypt is unlikely to ‘go away’ just because the developers have abandoned the project. In fact, it may become significantly less secure if it goes forward as samizdat or as part of some unauthorized fork.
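We think Truecrypt is a very important project: a disk encryption system that is free of patent restrictions, cross-platform, and has the same feature set on every platform. Moreover, truecrypt is no longer a project that can simply disappear "just because its developers abandoned it". In fact, if the project is cloned without authorization, or becomes an underground project, it may instead turn into an "even less secure" disk encryption project.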

We’d like the project to continue, but in a responsible way. That means fully auditing all of the crypto/container and bootloader code and (likely) replacing much of it with fresh implementations. Even though this will require some substantial re-development it still seems more practical than starting from scratch. The current plan is being led by a group of people who have a great deal of experience with cryptography and the expertise to identify flaws, but would prefer not to engineer from scratch.
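We hope this project can continue, but in a responsible way. That means auditing all of the crypto/container and boot loader code and, where possible, replacing some of the old code with new implementations. Although this also requires redevelopment, it is still more realistic than rewriting from scratch. The current development planning group is led by people with extensive experience in cryptographic development and in identifying flaws, who would also prefer not to start from zero.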

The main concern we have right now is with the license structure and trademarks associated with Truecrypt. Of course some will fork the reject (PS: did Matthew mistype this? It should be "project", right?) regardless of the legal issues, but this doesn’t seem appropriate without clear guidance. What we would like is permission to take at least portions of the current codebase and fork it under a standard open source license (e.g., GPL/MIT/BSD). We would also like permission to use the Truecrypt trademark as part of this effort. If that’s not possible, we would accept a clear statement that you would prefer the software not be renamed.
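Our main concern at the moment is the trademark and license issues related to truecrypt. Of course, some people will simply fork the project regardless of the legal questions, but doing so without a clear source of authorization is not really appropriate. What we would prefer is to obtain permission under a standard open source license (such as GPL/MIT/BSD), at least for the current version of the source code. We would also like to be authorized to keep using the truecrypt trademark. If that is not possible either, we would find it acceptable if you could clearly state that you would prefer the software not be renamed.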

I realize this is a great deal to ask, but I would ask you to consider the alternative. Without expert attention there’s a high likelihood that TC 7.1a or some future insecure fork will occupy the niche that a secure version of TC could occupy. Giving your permission to undertake a responsible process of forking and redevelopment would ensure that your work can go on, and that nobody is at risk from using older software.
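I know that what I am asking may be too much, but I would still like you to consider the alternative. Without the attention of experts, it is quite likely that an insecure fork will take the market position that a secure version should have had. You now have the opportunity to take on responsibility for the fork and redevelopment process: on the one hand your work can be continued, and on the other nobody will be at risk from continuing to use an old version of truecrypt.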

I appreciate any consideration you could give this note. Thank you,
Matt
I would be very grateful for any consideration or response you give to this. Thank you!

