TrueCrypt 7.1a Released

A minor update to the TrueCrypt free open-source disk encryption tool arrived today, version 7.1a, some five months since the release of the previous stable version. I have upgraded several systems to the new version without issue, including two laptops with pre-boot authentication and full disk encryption, and a media server where I use TrueCrypt to create and work with encrypted file-container volumes as part of my backup process.

The new release came paired in typical fashion with the following barren waste of a changelog:

7.1a

February 7, 2012

      Improvements and bug fixes:

  • Minor improvements and bug fixes  (Windows, Mac OS X, and Linux)

Beyond my usual bemoaning of the lack of transparency, I got it in my mind that I could stir the pot by running a diff of the source code going from 7.1 to 7.1a and sharing the complete changes here. But, the diff output is far too jumbled to make much sense of.

  • About two thirds of the changes are strictly in verbiage. Some text surrounding trademarking (that is unlikely to affect end users) has been subtracted from the license, for example.
  • There are bugfixes scattered throughout the source modules, that is for sure, but good luck isolating them. As far as I can tell they relate in part to sleep states, first install workflow, and system encryption install and upgrade.
  • There are some apparently cosmetic changes related to the authors’ donation campaign where it plugs with the application’s front-end.
  • There is some housekeeping, just updating version markers and dates and the like.

I could post the complete diff but it serves poorly to illustrate what a user who trusts the security of their irreplaceable data to the authors of TrueCrypt would really like to know: exactly what was broken, exactly what was fixed, exactly how many issues were addressed, and exactly how these fixes were accomplished.

Many open-source software development projects make a web-based bug and change tracking system available (WordPress trac comes to mind) so that members of the community that desire this level of insight have unrestricted and transparent access both to consume and to contribute. TrueCrypt does not. It so happens there is more to open-source than just “here is the source.”

Resources

TrueCrypt Homepage

TrueCrypt Release Notes

TrueCrypt Download Latest Stable Version

2 Comments

  1. Anonymous Cowboy

    What you’re actually saying is ; not only can I not be bothered to read the source code, but I also want you to, in addition to provide me with free full disk encryption software, find the time to comment and track all changes to the source code. Again, primarily becuase I can’t be bothered to do so.

    Why don’t you donate several thousand euro – then you have SOME basis to whine.

  2. scott

    I scripted my own diff of the full source code of the sequential versions and pored through the results in order to research the exact changes. You call that “not reading the source”?

    I have to do this for every release because the authors never provide a meaningful changelog. No user should ever be expected (and most are unable) to do this for any software, free or otherwise.

    The providers should be expected to at least summarize the changes and spend more than five words doing so, and particularly in the security space where transparency matters.

Comments are closed.
Top