A minor update to the TrueCrypt free open-source disk encryption tool arrived today, version 7.1a, some five months since the release of the previous stable version. I have upgraded several systems to the new version without issue, including two laptops with pre-boot authentication and full disk encryption, and a media server where I use TrueCrypt to create and work with encrypted file-container volumes as part of my backup process.
The new release came paired in typical fashion with the following barren waste of a changelog:
February 7, 2012
Improvements and bug fixes:
Minor improvements and bug fixes (Windows, Mac OS X, and Linux)
Beyond my usual bemoaning of the lack of transparency, I got it in my mind that I could stir the pot by running a diff of the source code going from 7.1 to 7.1a and sharing the complete changes here. But the diff output is far too jumbled to make much sense of.
- About two thirds of the changes are strictly in verbiage. Some text surrounding trademarking (that is unlikely to affect end users) has been subtracted from the license, for example.
- There are bugfixes scattered throughout the source modules, that is for sure, but good luck isolating them. As far as I can tell they relate in part to sleep states, first install workflow, and system encryption install and upgrade.
- There are some apparently cosmetic changes related to the authors’ donation campaign where it plugs into the application’s front end.
- There is some housekeeping, just updating version markers and dates and the like.
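One way to make a jumbled release diff like this tractable is to sort each changed file into the buckets listed above before reading any of it, so that only real code changes are left for line-by-line review. The Python script below is an added example, not part of the original post and not TrueCrypt code; the file names, file contents, and regex heuristics are constructed assumptions.

```python
import difflib
import re

TEXT_EXT = (".txt", ".xml", ".html")   # assumed: licence, docs, UI language files
VERSION_RE = re.compile(r"\b\d+\.\d+[a-z]?\b|\b(?:19|20)\d{2}\b")  # e.g. 7.1a, 2012
HINT_RE = re.compile(r"version|release|copyright", re.I)
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')   # C-style string literal
COMMENT_RE = re.compile(r"^\s*(?://|/\*)")     # heuristic: line starts a comment

def changed_lines(old, new):
    """Lines removed from old and lines added in new, each in file order."""
    diff = list(difflib.ndiff(old.splitlines(), new.splitlines()))
    return ([l[2:] for l in diff if l.startswith("- ")],
            [l[2:] for l in diff if l.startswith("+ ")])

def strip_versions(line):
    return VERSION_RE.sub("N", line).strip()

def strip_text(line):
    """Drop comment lines and blank out string literals."""
    return "" if COMMENT_RE.match(line) else STRING_RE.sub('""', line).strip()

def classify(path, old, new):
    removed, added = changed_lines(old, new)
    if (all(HINT_RE.search(l) for l in removed + added) and
            list(map(strip_versions, removed)) == list(map(strip_versions, added))):
        return "housekeeping"          # only version markers or dates moved
    if path.lower().endswith(TEXT_EXT):
        return "verbiage"
    old_code = [s for s in map(strip_text, removed) if s]
    new_code = [s for s in map(strip_text, added) if s]
    return "verbiage" if old_code == new_code else "code"

def triage(old_tree, new_tree):
    """Map every changed path to a bucket; a missing file counts as empty."""
    return {p: classify(p, old_tree.get(p, ""), new_tree.get(p, ""))
            for p in sorted(set(old_tree) | set(new_tree))
            if old_tree.get(p) != new_tree.get(p)}

# Constructed sample trees (hypothetical paths and contents, not TrueCrypt's).
OLD = {"license.txt": "Licence text\nTrademark notice paragraph.\n",
       "common/version.h": '#define VERSION_STRING "7.1"\n#define RELEASE_YEAR 2011\n',
       "gui/donate.c": '// donation link\nconst char *msg = "Please donate";\n',
       "driver/resume.c": "int resume(int s) {\n    return s;\n}\n"}
NEW = {"license.txt": "Licence text\n",
       "common/version.h": '#define VERSION_STRING "7.1a"\n#define RELEASE_YEAR 2012\n',
       "gui/donate.c": '// donation campaign link\nconst char *msg = "Donate now";\n',
       "driver/resume.c": "int resume(int s) {\n    if (s < 0) return -1;\n    return s;\n}\n"}

if __name__ == "__main__":
    for path, bucket in triage(OLD, NEW).items():
        print(f"{bucket:12} {path}")
```

The buckets only order the reading: a string or version change can still matter (a format string, a compatibility check), so "verbiage" and "housekeeping" files deserve a skim rather than a pass.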
I could post the complete diff but it serves poorly to illustrate what a user who trusts the security of their irreplaceable data to the authors of TrueCrypt would really like to know: exactly what was broken, exactly what was fixed, exactly how many issues were addressed, and exactly how these fixes were accomplished.
Many open-source software development projects make a web-based bug and change tracking system available (WordPress trac comes to mind) so that members of the community who desire this level of insight have unrestricted and transparent access both to consume and to contribute. TrueCrypt does not. It so happens there is more to open-source than just “here is the source.”