SYSTEM wrote:There is one problem in VeraCrypt's licensing, though: I doubt the developers have permission to relicence the code as Ms-PL...
Yeah, true. However, I do want to talk about my hesitation with Ms-PL since this will probably come up again in the future...
SYSTEM wrote:In my opinion such code is more free than code under the GPL. (However, I'd use an even more permissive license such as BSD or MIT.)
You're absolutely right that you are free to do whatever you want to do with the code. However, in practice I think this ends up being less free.
- Some developers are bothered for example by the idea that what they're working on could get snapped up by some company who would add the marginal necessary features/polish and then sell it. This certainly happened with Microsoft who used the BSD networking stack and at least to some extent from Apple with Darwin. It might also explain the success of Linux over the many flavors of *BSD.
- Some users are bothered by the fact that a company can take an open protocol or system, go commercial with it to adopt and improve it in a closed way, and then dump it later (the embrace, extend, extinguish strategy).
More critically, I want a security program's code to remain open so that we can have audits like the one that was run on TrueCrypt. The GPL a better license to encourage that type of analysis and ongoing scrutiny because the community is less afraid that it's going to get yanked into something commercial.
All that aside, we're not doing great in the security realm right now so if a great program comes out, I'll definitely use it regardless of my hesitations about the license.