[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: License review: Trusted Computing Group



On Tuesday, January 28, 2025 6:04:16 AM MST Daniel Hakimi wrote:

> The source code license here is surprisingly good, the "other parts of the

> specification" license is the problem. It's effectively discrimination by

> field of endeavor. I would make sure they're only including the source code

> + license documents and copyright notices.


I concur with that assessment.


> On Tue, Jan 28, 2025, 07:57 Simon Josefsson <simon@josefsson.org> wrote:

> > Hi

> >

> > I'm working on packaging https://github.com/google/go-tpm-tools/ which

> >

> > has a LICENSE file that claims:

> >   A portion of the source code is derived from the TPM specification,

> >   which has a TCG copyright.  It is reproduced here for reference.

> >

> > The file has some other problem [1], so I'm not confident that this part

> > is actually still a valid statement, but I reckon it is reasonable to

> > assume so until some clarification is available.

> >

> > That begs the question, is the license below suitable for inclusion into

> > Debian main?  See verbatim quote below.

> >

> > /Simon

> >

> > [1] https://github.com/google/go-tpm-tools/issues/533

> >

> > Licenses and Notices

> > Copyright Licenses:

> >

> > * Trusted Computing Group (TCG) grants to the user of the source code

> > in this specification (the "Source Code") a worldwide, irrevocable,

> > nonexclusive, royalty free, copyright license to reproduce, create

> > derivative works, distribute, display and perform the Source Code and

> > derivative works thereof, and to grant others the rights granted

> > herein.

> >

> > * The TCG grants to the user of the other parts of the specification

> > (other than the Source Code) the rights to reproduce, distribute,

> > display, and perform the specification solely for the purpose of

> > developing products based on such documents.

> >

> > Source Code Distribution Conditions:

> >

> > * Redistributions of Source Code must retain the above copyright

> > licenses, this list of conditions and the following disclaimers.

> >

> > * Redistributions in binary form must reproduce the above copyright

> > licenses, this list of conditions and the following disclaimers in the

> > documentation and/or other materials provided with the distribution.

> >

> > Disclaimers:

> >

> > * THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF

> > LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH

> > RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)

> > THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR

> > OTHERWISE. Contact TCG Administration

> > (admin@trustedcomputinggroup.org) for information on specification

> > licensing rights available through TCG membership agreements.

> >

> > * THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED

> > WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR

> > FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR

> > NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY

> > OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.

> >

> > * Without limitation, TCG and its members and licensors disclaim all

> > liability, including liability for infringement of any proprietary

> > rights, relating to use of information in this specification and to

> > the implementation of this specification, and TCG disclaims all

> > liability for cost of procurement of substitute goods or services,

> > lost profits, loss of use, loss of data or any incidental,

> > consequential, direct, indirect, or special damages, whether under

> > contract, tort, warranty or otherwise, arising in any way out of use

> > or reliance upon this specification or any information herein.

> >

> > Any marks and brands contained herein are the property of their

> > respective owners.



--

Soren Stoutner

soren@debian.org

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: