It's dangerous to encourage truecrypt to the exclusion of other options. It's dangerous to use truecrypt in inappropriate situations. At the same time it's good to make sure truecrypt is the best it can be at what it does, even if that category is fundamentally limited.

To get more explicit, it's the difference between "using" truecrypt and "relying" on truecrypt. You want to give people an accurate picture of their options and the tradeoffs. "relying" on truecrypt is dangerous.

Yes. Exactly this. Also: your guess is as good as mine as to why this nuance was worth discussing.

This is just sensationalism.

"<Popular product> shouldn't be relied on!" What he doesn't say is exactly what you just said, that it works for the majority of use cases. It all hinges on this liberal interpretation of the word "rely".

"Top 10 things your cryptographer doesn't want you to know!"

It's marketing, and it's annoying. TrueCrypt is just fine for the majority use case, and Thomas knows that, but that doesn't get attention. Saying bombastic things like, "Don't use TrueCrypt!" gets attention.

So I gave him some attention. Hope that's what he wanted.

You're the one making a big deal out of a statement as simple as "use something better if possible", trying to turn it into a contradiction so he can be "wrong".

Use cases where the security fails are a huge red flag. Mentioning red flags is not sensationalism.

That's not what he said, he said it's actively harmful to promote the use of TrueCrypt. That's a world of difference from "use something better if possible".